Web lists-archives.com

Re: [Samba] Redirecting the computer container doesn't work in Samba 4.8.5




But if it worked in samba 4.4 something must have been changed to break
this functionality in 4.8.

On Sat, 22 Sep 2018, 18:29 Andrew Bartlett, <abartlet@xxxxxxxxx> wrote:

> On Sat, 2018-09-22 at 13:09 +0200, Kacper via samba wrote:
> > Hello,
> >
> > Changing "CN=Computers" to another OU doesn't seem to work correctly
> > in Samba 4.8.5. Running redircmp or changing the wellKnownObject
> > AA312825768811D1ADED00C04FD8D5CD to another OU worked in Samba 4.4
> > but
> > now the Windows clients don't seem to respect that entry. They
> > instead
> > try to create their computer object under "CN=Computers" which they
> > no
> > longer have access to resulting in an Access Denied message during
> > domain join.
> >
> > In the samba log one can clearly see that the windows clients are
> > trying to create their computer accounts in the wrong container.
> >
> > Could this be a bug or did something change in the way this is
> > handled?
> >
> > Regards,
> > Kacper
> > ---
> >
> > Ldif:
> > dn: DC=mydomain,DC=test
> > changetype: modify
> > delete: wellKnownObjects
> > wellKnownObjects:
> > B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=mydomain,DC=tes
> > t
> > -
> > add: wellKnownObjects
> > wellKnownObjects:
> > B:32:AA312825768811D1ADED00C04FD8D5CD:My_Machines,DC=mydomain,DC=test
>
> Samba doesn't have much control over what clients choose to do, if they
> don't follow the wellKnownObjects we can't really stop that.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba