Web lists-archives.com

Re: [Samba] Inconsistent results while attempting to preset a computer with a one-time-password




Quoting Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:

On Tue, 06 Feb 2018 12:43:20 -0500
Dan Oriani via samba <samba@xxxxxxxxxxxxxxx> wrote:

Quoting Dan Oriani via samba <samba@xxxxxxxxxxxxxxx>:

     There seems to be an open bug open about this issue,
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858981, however
the FQDN of this machine is already in /etc/hostname, which seemed to
be the workaround. I'm still unsure as to where to go from here. I
ran 'samba-tool  dbcheck --cross-ncs --reset-well-known-acls --fix'
which did discover a couple issues and fixed them, but did not fix
this issue. Should I expand the SELF permission on the CN=Computer
object or something? When I view 'Effective Permissions' of the
computer object for SELF, it would seem that it lacks permissions on
'Write userAccountControl', but shouldn't this be granted by default?


I feel you are asking in the wrong place, 'adcli' isn't a Samba
component, it comes from red-hat.
Have you tried writing a script around 'net ads join' ?

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

I'm not opposed to the idea. Does 'net ads join' support supplying the machine name as the user, and the one-time-password given to it? The only reason I'm using adcli at all is the preset-computer option which I couldn't find an analogue to in 'net ads'.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba