Web lists-archives.com

Re: [Samba] Howto set/reset/reaad computer account password with samba-4.9.x examples?

On Wed, 16 Jan 2019 22:03:29 +0100
Oliver Rath via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi list,
> I want to perform a domain join of a computer to a given machine
> account with reusing it, not overwriting. For this I think, it is the
> right way (for a unattend.xml) to use the <machinePassword> described
> here:
> https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-unattendedjoin-identification#child-elements
> in the new feature list of samba 4.9.x is written "The 'samba-tool
> computer' command allow manipulation of computer accounts including
> creating a new computer and resetting the password. This allows an
> 'offline join' of a member server or workstation to the Samba AD
> domain."
> Unfortunatly I dont find any example for
>   * resetting the password (the "setpassword" from user command doesnt
>     work, maybe simply --password?)

It does work, did you forget the '$' on the end of the computer name ?

e.g. samba-tool user setpassword --filter=samaccountname=Computer$

I think you would need to use this with '--random-password'

>   * creating a computer with a given machine password (maybe simply
>     --password,too ?)

You cannot do that, you need to create the computer and then set the

>   * reading the machine password from AD (there i found some old
> variant which didnt work, tested with Win81-clients)

I think you would have to export a keytab for the new computer, pass
this to the new computer and then kinit with this and then do the join
with kerberos.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba