Ryan
2018-Sep-14 12:01 UTC
[Samba] samba4.8.x machine account authentication using NetJoinDomain failed
Actually 0904.huawei.com is just one of my test domain. I also built domain naned vds.huawei.com. Same problem exsts. Besides, samba 4.5.16 doesn't have this issue. I still doubt that some setting changed, such as encrypt method permission... After all, the log renainds password is wrong.Do you have any other clue?>On Fri, 14 Sep 2018 15:07:07 +0800 (CST) >Ryan via samba <samba at lists.samba.org> wrote: > >> Hi all, >> I tried samba 4.8.3, 4.8.4 and 4.8.5 to build a domain. In the domain >> I firstly create a machine acconut and set it's password. Then I get >> a computer that own this machine account's name. I use the mechod >> NetJoinDomain to get this computer authencated to the domain. It >> failed with returncode 1326. Besides, all the process above is >> avaliable in samba 4.5.16. So does any default setting change from >> 4.5.x to 4.8.x? What can I do to make it work again? Hope for help~ >> Here’s the smb.conf. I’ve tried to add winbind offline logon = yes >> in the global section, but doesn’t work either. [global] bind >> interfaces only = Yes interfaces = 8.22.127.121 127.0.0.1 log file >> = /var/FusionAccess/LiteAD/log.samba log level = 2 max log size >> 15000 netbios name = SUSE-2 realm = 0904.HUAWEI.COM >> server role = active directory domain controller >> workgroup = 0904 >> 'idmap_ldb:use rfc2307 = yes' >> > >Why are there single quotes around the line above ? > >The big one though is, your workgroup name is illegal. > >If you go here: > >https://support.microsoft.com/en-gb/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and > >Under 'NetBIOS domain names' > >You will find: > >In Windows 2000 and in later versions of Windows, computers that are >members of an Active Directory domain cannot have names that are >composed completely of numbers. This restriction is because of DNS >restrictions. > >I think you may have been lucky that it worked previously, there has >recently been work to get this sort of thing to do what you need, try >again with 4.9.0, but lose the all numeric workgroup name ;-) > >Rowland > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2018-Sep-14 12:25 UTC
[Samba] samba4.8.x machine account authentication using NetJoinDomain failed
On Fri, 14 Sep 2018 20:01:41 +0800 (CST) Ryan <ryanyang51 at 163.com> wrote:> Actually 0904.huawei.com is just one of my test domain. I also built > domain naned vds.huawei.com. Same problem exsts. Besides, samba > 4.5.16 doesn't have this issue. I still doubt that some setting > changed, such as encrypt method permission... After all, the log > renainds password is wrong.Do you have any other clue? > >As far as I am aware, this wasn't expected to work with 4.5.x, you were just lucky that it did. There have been numerous changes since then and it is highly likely one or more of these has altered Samba so that it doesn't work any more on the versions you have tried. Samba 4.9.0 has now been released with an enhanced version of 'samba-tool computer' which may do what you require. Rowland
Ryan
2018-Sep-20 08:36 UTC
[Samba] samba4.8.x machine account authentication using NetJoinDomain failed
Maybe as you said I was lucky before. Then if I have a computer account in my domain, how can I get this computer authencated in domain as I did before? Does the NetJoinDomain work either? Because I just try to create a computer account using RSAT, but use it to authencate with the domain by NetJoinDomain , which failed. Or how to offline domain join in samba4.9.0? Ryan>On Fri, 14 Sep 2018 20:01:41 +0800 (CST) >Ryan <ryanyang51 at 163.com> wrote: > >> Actually 0904.huawei.com is just one of my test domain. I also built >> domain naned vds.huawei.com. Same problem exsts. Besides, samba >> 4.5.16 doesn't have this issue. I still doubt that some setting >> changed, such as encrypt method permission... After all, the log >> renainds password is wrong.Do you have any other clue? >> >> > >As far as I am aware, this wasn't expected to work with 4.5.x, you were >just lucky that it did. There have been numerous changes since then and >it is highly likely one or more of these has altered Samba so that it >doesn't work any more on the versions you have tried. Samba 4.9.0 has >now been released with an enhanced version of 'samba-tool computer' >which may do what you require. > >Rowland > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba