[Samba] smbclient with kerberos

[Stefan Kania]

Am 14.11.21 um 17:36 schrieb spindles seven via samba:
> 
> On Sat Nov 13 16:56:38 UTC 2021 Rowland Penny wrote:
>> The CVE seems to have possibly broken most (if not all) the join
>> instructions on the internet, including the Samba wiki. If I leave a
>> domain:
>>
>> adminuser at mintmate:~$ sudo net ads leave -U Administrator
>> Enter Administrator's password:
>> Deleted account for 'MINTMATE' in realm 'SAMDOM.EXAMPLE.COM'
>>
>> But If now try to join again:
>>
>> adminuser at mintmate:~$ sudo net ads join -U Administrator
>> Enter Administrator's password:
>> Failed to join domain: failed to lookup DC info for domain
>> 'SAMDOM.EXAMPLE.COM' over rpc: An invalid parameter was passed to a
>> service or function.
>>
>> I have to use a user that is a member of 'Domain Admins':
>>
>> adminuser at mintmate:~$ sudo net ads join -U SAMDOM\\rowland
>> Enter SAMDOM\rowland's password:
>> Using short domain name -- SAMDOM
>> Joined 'MINTMATE' to dns domain 'samdom.example.com'
>>
>> Can someone else try this, to confirm it one way or the other.
>>
>> Rowland
> 
> It works OK for me with administrator.   Platform: Debian Buster, Samba version 4.14.10:
> 
> Leave the domain:
> 
> linuxadmin at debian:~$ sudo net ads leave -Uadministrator
> Enter administrator's password:
> Deleted account for 'DEBIAN' in realm 'MICROLYNX.ORG'
> linuxadmin at debian:~$
> 
> Join again using administrator:
> 
> linuxadmin at debian:~$ sudo net ads join -Uadministrator
> Enter administrator's password:
> Using short domain name -- MICROLYNX
> Joined 'DEBIAN' to dns domain 'microlynx.org'
> DNS update failed: NT_STATUS_INVALID_PARAMETER
> linuxadmin at debian:~$
> 
> Not sure why I'm getting the DNS update error though.
> 
> HTH
> 
> Roy Eastwood
> 
> 
Same here, I joined a windows 10 with "administrator" And I got the
message "DNS update error" Then I took a user who is member of the group
"domain admins" and it works.



Stefan