Re: [Samba] Little strangeness on dns-* account...
- Date: Wed, 19 Dec 2018 10:29:03 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
On Wed, 19 Dec 2018 10:43:46 +0100
"L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> The dns-COMPUTER-NAME "user" contains the dns/SPN so be very careful
> here and don't remove this user.
> Normally, you would have expected to have the DNS/spn on the
> serverObject in the AD. So imo yes, a small bug, but as Andrew told
> this is intended.
> Adding : isCriticalSystemObject: TRUE
> Should not be needed.
> What I would do here is, use the description field. ( DNS Service
> Account for .... ) Filter out all "*Service Account*"
> Simple and easy to track and it changes nothing in the base..
> You have more accounts to filter out, just add : Service Account in
> the description.
Even easier than that ;-)
It's all in the filter:
ldbsearch -H /var/lib/samba/private/sam.ldb -b
'dc=samdom,dc=example,dc=com' -s sub
-d))))" | grep '[n]ame'
The above is all one line and should be adapted for your ldap suffix.
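
The description-tagging convention suggested in the quoted message, applied to saved ldbsearch output. This is an added example, not code from the thread and not a reconstruction of the filter in the command above. It parses LDIF and separates accounts tagged "Service Account" from accounts that hold a servicePrincipalName without the tag. The sample LDIF, the account names and the helper names parse_ldif and classify are assumptions.

```python
import base64
import re
TAG = "service account"  # description convention suggested in the thread
# Constructed sample in the LDIF shape ldbsearch prints; all names are made up.
_B64 = base64.b64encode(b"Backup Service Account").decode()
SAMPLE_LDIF = f"""# record 1
dn: CN=dns-dc1,CN=Users,DC=samdom,DC=example,DC=com
name: dns-dc1
description: DNS Service Account for dc1
servicePrincipalName: DNS/dc1.samdom.example.com

dn: CN=alice,CN=Users,DC=samdom,DC=example,DC=com
name: alice

dn: CN=websvc,CN=Users,DC=samdom,DC=example,DC=com
name: websvc
servicePrincipalName: HTTP/intranet.samdom.example.
 com

dn: CN=backupsvc,CN=Users,DC=samdom,DC=example,DC=com
name: backupsvc
description:: {_B64}
# returned 4 records
"""

def parse_ldif(text):
    """Yield one dict (lowercased attribute -> list of values) per record."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def classify(entries):
    """Group account names: tagged, SPN holder without the tag, or regular."""
    out = {"tagged": [], "untagged_spn": [], "regular": []}
    for e in entries:
        tagged = any(TAG in d.lower() for d in e.get("description", []))
        spn = e.get("serviceprincipalname")
        key = "tagged" if tagged else "untagged_spn" if spn else "regular"
        out[key].append(e.get("name", e["dn"])[0])
    return out
```

Accounts that land in untagged_spn are the ones a description-based filter would miss, so they are the ones to review and tag.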