Web lists-archives.com

Re: [Samba] Howto set/reset/reaad computer account password with samba-4.9.x examples?




On Wed, 16 Jan 2019 22:03:29 +0100
Oliver Rath via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi list,
> 
> I want to perform a domain join of a computer to a given machine
> account with reusing it, not overwriting. For this I think, it is the
> right way (for a unattend.xml) to use the <machinePassword> described
> here:
> https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-unattendedjoin-identification#child-elements
> 
> in the new feature list of samba 4.9.x is written "The 'samba-tool
> computer' command allow manipulation of computer accounts including
> creating a new computer and resetting the password. This allows an
> 'offline join' of a member server or workstation to the Samba AD
> domain."
> 
> Unfortunatly I dont find any example for
> 
>   * resetting the password (the "setpassword" from user command doesnt
>     work, maybe simply --password?)

It does work, did you forget the '$' on the end of the computer name ?

e.g. samba-tool user setpassword --filter=samaccountname=Computer$

I think you would need to use this with '--random-password'

>   * creating a computer with a given machine password (maybe simply
>     --password,too ?)

You cannot do that, you need to create the computer and then set the
password.

>   * reading the machine password from AD (there i found some old
> variant which didnt work, tested with Win81-clients)

I think you would have to export a keytab for the new computer, pass
this to the new computer and then kinit with this and then do the join
with kerberos.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba