David Stringfield
2018-Apr-23 06:40 UTC
[Samba] Unable to Join Samba Domain: Password Error
Hi all, I am attempting to join a Centos7 machine to a Samba NT4 domain. I have created an account on our OpenLDAP server and ensured it has the default password. However trying to join the domain is consistently throwing an error.>From the machine that is trying to join the domain, I get this (edited forbrevity): $~ net rpc join -U <user>%<passwd> -d 1 -I 192.168.70.XXX libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : ‘YYYY’' domain_name : * domain_name : 'XXXX’ domain_name_type : JoinDomNameTypeUnknown (0) account_ou : NULL admin_account : 'root' admin_domain : NULL machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL os_servicepack : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) desired_encryption_types : 0x0000001f (31) ../source3/rpc_client/cli_pipe.c:568: RPC fault code DCERPC_NCA_S_OP_RNG_ERROR received from host REMUS! libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'WMA' dns_domain_name : NULL forest_name : NULL dn : NULL domain_sid : * domain_sid : S-1-5-21-121215118-3415587123-1071246906 modified_config : 0x00 (0) error_string : 'Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD) ' domain_is_ad : 0x00 (0) set_encryption_types : 0x00000000 (0) result : WERR_INVALID_PASSWORD Viewing the log file on the samba server I see: [2018/04/23 15:29:52.633780, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client YYYY machine account YYYY$ [2018/04/23 15:29:53.140584, 0] lib/charcnv.c:543(convert_string_talloc) Conversion error: Illegal multibyte sequence(▒▒lk▒▒▒1▒0`ã▒.▒t▒t▒:▒▒▒5) [2018/04/23 15:29:53.140759, 0] ../libcli/auth/smbencrypt.c:597(decode_pw_buffer) decode_pw_buffer: failed to convert incoming password It appears to be something with the encryption/coding but I just can’t figure out what, I’ve had little help from googling most of the errors. Thanks, David
Harald Hannelius
2019-Sep-05 12:21 UTC
[Samba] Unable to Join Samba Domain: Password Error
I had the same problem. Check that "unix charset" matches on DC and Member Server. Then joining worked again for me. On Mon, 23 Apr 2018, David Stringfield via samba wrote:> Hi all, > > > > I am attempting to join a Centos7 machine to a Samba NT4 domain. I have > created an account on our OpenLDAP server and ensured it has the default > password. However trying to join the domain is consistently throwing an > error. > > > > From the machine that is trying to join the domain, I get this (edited for > brevity): > > $~ net rpc join -U <user>%<passwd> -d 1 -I 192.168.70.XXX > > libnet_Join: > > libnet_JoinCtx: struct libnet_JoinCtx > > in: struct libnet_JoinCtx > > dc_name : NULL > > machine_name : ?YYYY?' > > domain_name : * > > domain_name : 'XXXX? > > domain_name_type : JoinDomNameTypeUnknown (0) > > account_ou : NULL > > admin_account : 'root' > > admin_domain : NULL > > machine_password : NULL > > join_flags : 0x00000023 (35) > > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > > os_version : NULL > > os_name : NULL > > os_servicepack : NULL > > create_upn : 0x00 (0) > > upn : NULL > > modify_config : 0x00 (0) > > ads : NULL > > debug : 0x01 (1) > > use_kerberos : 0x00 (0) > > secure_channel_type : SEC_CHAN_WKSTA (2) > > desired_encryption_types : 0x0000001f (31) > > ../source3/rpc_client/cli_pipe.c:568: RPC fault code > DCERPC_NCA_S_OP_RNG_ERROR received from host REMUS! > > libnet_Join: > > libnet_JoinCtx: struct libnet_JoinCtx > > out: struct libnet_JoinCtx > > account_name : NULL > > netbios_domain_name : 'WMA' > > dns_domain_name : NULL > > forest_name : NULL > > dn : NULL > > domain_sid : * > > domain_sid : > S-1-5-21-121215118-3415587123-1071246906 > > modified_config : 0x00 (0) > > error_string : 'Failed to set password for machine > account (NT_STATUS_WRONG_PASSWORD) > > ' > > domain_is_ad : 0x00 (0) > > set_encryption_types : 0x00000000 (0) > > result : WERR_INVALID_PASSWORD > > > > > > Viewing the log file on the samba server I see: > > [2018/04/23 15:29:52.633780, 0] > rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) > > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client YYYY machine account YYYY$ > > [2018/04/23 15:29:53.140584, 0] lib/charcnv.c:543(convert_string_talloc) > > Conversion error: Illegal multibyte sequence(??lk???1?0`??.?t?t?:???5) > > [2018/04/23 15:29:53.140759, 0] > ../libcli/auth/smbencrypt.c:597(decode_pw_buffer) > > decode_pw_buffer: failed to convert incoming password > > > > It appears to be something with the encryption/coding but I just can?t > figure out what, I?ve had little help from googling most of the errors. > > > > Thanks, > > David > >-- Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020