[Samba] net offline domain join

Stefan Kania stefan at kania-online.de
Sun Jan 5 13:48:45 UTC 2025


I tried it again, this time directly on a Linux-client. I got:
--------------
root at client01:~# net offlinejoin provision -U administrator%Passw0rd 
domain=example.net machine_name=win11b savefile=provisioning.txt
ads_print_error: AD LDAP ERROR: 19 (Constraint violation): 0000202F: 
samldb: spn[HOST/client01.example.net] would cause a conflict
Failed to provision computer account: Invalid configuration ("netbios 
name" set to 'CLIENT01', should be 'win11b') and configuration 
modification was not requested
--------------
So I thought: Why is the command waiting for the client I try the 
command. But let's test:

root at client01:~# net offlinejoin provision -U administrator%Passw0rd 
domain=example.net machine_name=client01 savefile=provisioning.txt
Successfully provisioned computer 'client01' in domain 'example.net'

Heeee that was working, but why should I use the offlinejoin if I can do 
it only on the client I want to join and STILL need the domain 
adminstrator password on the client. Makes absolutely no sens at all. Th 
djoin command I can (as Administrator) on any Windows-client create 
several client files for different clients. Then copy the files to these 
client and then the lokal administrator can joiin the client WITHOUT the 
domain administrator password.
If that's the way the "net offlinejoin" command should work, then it's 
totally useless. And by the way the manpages is telling:
-----------
  SAVEFILE is an optional parameter to store the generated provisioning 
data on disk.
-----------
That's wrong, you need the file to copy it to a client to join the 
client into the domain. But that is showing me, that the offlinejoin is 
wrong.



Am 04.01.25 um 20:56 schrieb Stefan Kania via samba:
> 
> 
> Am 04.01.25 um 18:59 schrieb Stefan Kania via samba:
>> Hi
>>
>> I try to user the offline domain join. As the manpage of net told me 
>> in an example I tried it with:
>>
>> root at cluster01:~#  net offlinejoin provision -U administrator 
>> domain=example.net machine_name=WINCLIENT11a dcname=dc01 
>> savefile=winclient11a.txt
>>
>> But all I got was:
>>
>> ads_print_error: AD LDAP ERROR: 19 (Constraint violation): 0000202F: 
>> samldb: spn[HOST/cluster.example.net] would cause a conflict
>> Failed to provision computer account: Invalid configuration ("netbios 
>> name" set to 'CLUSTER', should be 'WINCLIENT11a') and configuration 
>> modification was not requested
>>
>> can someone give me a tip how to use the offliendomain join
>>
>> Domain= example
>> DNS-domain = example.net
>> Domaincontrolle = dc01
>> new-client-to-join= win11a
>> savefile = win11a.txt
>>
>> Stefan
>>
> When doing the same on a Windows client:
> H:\>djoin /provision /domain example.net /machine win11a /savefile 
> win1a.txt
> 
> it works
> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20250105/4acd85f8/OpenPGP_signature.sig>


More information about the samba mailing list