Description
My original attempts with addcomputer.py were failing because, despite having valid Domain Admin Kerberos credentials, the build of Impacket has a bug causing SAMR (SMB) computer creation to always return STATUS_ACCESS_DENIED.
I had to use -method LDAPS to bypass SAMR entirely, allowing me to create the computer over secure LDAP with Kerberos, which works reliably and avoids the Impacket SMB bug.
The command python3 addcomputer.py -computer-name lowprivPC -computer-pass $computer-pass -k -no-pass -dc-ip 192.168.2.4 doazlab.com/doadmin:'$doadminpass'@192.168.2.4 -dc-host dc01 also fails as it combines -no-pass (Kerberos) and then specifies NTLM credentials to use.
Example of working command below:
KRB5CCNAME=/opt/impacket/examples/doadmin.ccache python3 addcomputer.py -method LDAPS -computer-name lowprivPC -computer-pass L0wPr1VSys -k -no-pass -dc-host dc01.doazlab.com doazlab.com/doadmin