samba - Sep 2018 - samba4.8.4 offline domain join

Hello,
I have built a domain  with samba4.8.4. I can join windows to the domain in
normal way successfully. But today when I tried to offline join the domain,
log.samba showed that the password was wrong. But in fact the password was
correct.  And after several time's trying, the machine account got locked.
Offline domain join is available in samba4.5.16. So is there any default setting
get changed in this version? How could I get it work again?


Here's my smb.conf:
[global]
        bind interfaces only = Yes
        interfaces = 8.22.145.173 127.0.0.1
        log file = /var/FusionAccess/LiteAD/log.samba
        log level = 2
        max log size = 15000
        netbios name = SAMBATEST
        realm = TEST.HAUWEI.COM
        server role = active directory domain controller
        workgroup = TEST
        idmap_ldb:use rfc2307 = yes
 
        ldap server require strong auth = no
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
 
[netlogon]
        path = /var/lib/samba/sysvol/test.hauwei.com/scripts
        read only = No
reject md5 clients = yes
 
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
Thanks

Hi Ryan,

how exactly did you create the offline blobs? Im using offline Join here
with samba 4.8.4 and it works fine.

Btw, why differs your Netbios name to dns-name-part?

Regards,
Oliver



On 12.09.2018 17:30, Ryan via samba wrote:
> Hello,
> I have built a domain  with samba4.8.4. I can join windows to the domain in
normal way successfully. But today when I tried to offline join the domain,
log.samba showed that the password was wrong. But in fact the password was
correct.  And after several time's trying, the machine account got locked.
Offline domain join is available in samba4.5.16. So is there any default setting
get changed in this version? How could I get it work again?
>
>
> Here's my smb.conf:
> [global]
>         bind interfaces only = Yes
>         interfaces = 8.22.145.173 127.0.0.1
>         log file = /var/FusionAccess/LiteAD/log.samba
>         log level = 2
>         max log size = 15000
>         netbios name = SAMBATEST
>         realm = TEST.HAUWEI.COM
>         server role = active directory domain controller
>         workgroup = TEST
>         idmap_ldb:use rfc2307 = yes
>  
>         ldap server require strong auth = no
>         load printers = no
>         printing = bsd
>         printcap name = /dev/null
>         disable spoolss = yes
>  
> [netlogon]
>         path = /var/lib/samba/sysvol/test.hauwei.com/scripts
>         read only = No
> reject md5 clients = yes
>  
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> Thanks
>
>
>
>
>

Hi Oliver,
Firstly I create a machine acconut in domain. Then I change the password and use
this password to authenticate by the method NetJoinDomain, which is provided by
microsoft. The NetJoinDomain returns 1326 and tell the username is unknown or
password is wrong.

I don't get your question  'differs your Netbios name to
dns-name-part?'

Thanks

>Hi Ryan,
>
>how exactly did you create the offline blobs? Im using offline Join here
>with samba 4.8.4 and it works fine.
>
>Btw, why differs your Netbios name to dns-name-part?
>
>Regards,
>Oliver
>
>
>
>On 12.09.2018 17:30, Ryan via samba wrote:
>> Hello,
>> I have built a domain  with samba4.8.4. I can join windows to the
domain in normal way successfully. But today when I tried to offline join the
domain, log.samba showed that the password was wrong. But in fact the password
was correct.  And after several time's trying, the machine account got
locked. Offline domain join is available in samba4.5.16. So is there any default
setting get changed in this version? How could I get it work again?
>>
>>
>> Here's my smb.conf:
>> [global]
>>         bind interfaces only = Yes
>>         interfaces = 8.22.145.173 127.0.0.1
>>         log file = /var/FusionAccess/LiteAD/log.samba
>>         log level = 2
>>         max log size = 15000
>>         netbios name = SAMBATEST
>>         realm = TEST.HAUWEI.COM
>>         server role = active directory domain controller
>>         workgroup = TEST
>>         idmap_ldb:use rfc2307 = yes
>>  
>>         ldap server require strong auth = no
>>         load printers = no
>>         printing = bsd
>>         printcap name = /dev/null
>>         disable spoolss = yes
>>  
>> [netlogon]
>>         path = /var/lib/samba/sysvol/test.hauwei.com/scripts
>>         read only = No
>> reject md5 clients = yes
>>  
>> [sysvol]
>>         path = /var/lib/samba/sysvol
>>         read only = No
>> Thanks
>>
>>
>>
>>
>>  
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba