[Samba] smbclient with kerberos
spindles seven
spindles7 at gmail.com
Sun Nov 14 16:36:03 UTC 2021
On Sat Nov 13 16:56:38 UTC 2021 Rowland Penny wrote:
> The CVE seems to have possibly broken most (if not all) the join
> instructions on the internet, including the Samba wiki. If I leave a
> domain:
>
> adminuser at mintmate:~$ sudo net ads leave -U Administrator
> Enter Administrator's password:
> Deleted account for 'MINTMATE' in realm 'SAMDOM.EXAMPLE.COM'
>
> But If now try to join again:
>
> adminuser at mintmate:~$ sudo net ads join -U Administrator
> Enter Administrator's password:
> Failed to join domain: failed to lookup DC info for domain
> 'SAMDOM.EXAMPLE.COM' over rpc: An invalid parameter was passed to a
> service or function.
>
> I have to use a user that is a member of 'Domain Admins':
>
> adminuser at mintmate:~$ sudo net ads join -U SAMDOM\\rowland
> Enter SAMDOM\rowland's password:
> Using short domain name -- SAMDOM
> Joined 'MINTMATE' to dns domain 'samdom.example.com'
>
> Can someone else try this, to confirm it one way or the other.
>
> Rowland
It works OK for me with administrator. Platform: Debian Buster, Samba version 4.14.10:
Leave the domain:
linuxadmin at debian:~$ sudo net ads leave -Uadministrator
Enter administrator's password:
Deleted account for 'DEBIAN' in realm 'MICROLYNX.ORG'
linuxadmin at debian:~$
Join again using administrator:
linuxadmin at debian:~$ sudo net ads join -Uadministrator
Enter administrator's password:
Using short domain name -- MICROLYNX
Joined 'DEBIAN' to dns domain 'microlynx.org'
DNS update failed: NT_STATUS_INVALID_PARAMETER
linuxadmin at debian:~$
Not sure why I'm getting the DNS update error though.
HTH
Roy Eastwood
More information about the samba
mailing list