Web lists-archives.com

Re: [Samba] samba-tool group removemembers, not working




On 28/05/2019 20:31, Mark Foley via samba wrote:
Denis if all you say is true, "misleading" is wildly understated.  You say I can test with
different groups other than "Domain Computer".  I'm not sure where I would even begin since,
well, this *is* a Domain Computer.  I've included my list of groups (samba-tool group list)
below.  Do you have a suggestion where a domain member computer might really be? I've done a
listmembers of each of these groups and the only one in which I find MARKA is "Domain
Computers".

Hi Mark, can I ask just what you are trying to achieve ?

When you join a computer to the domain a computer object is created in cn=Computers,dc=whatever,dc=yourdomain,dc=is

If you examine an object for a computer you will find that there is this:

primaryGroupID: 515

The '515' is the RID for 'Domain Computers'.

What you will not find is the attribute 'memberof' pointing to 'Domain Computers.

If you remember that a computer is a special user and that normal users are members of  'Domain Users' and you cannot remove a user from 'Domain Users'.

When you remove a user from a normal group, what you actually do is to delete the users 'member' attribute from the groups object, this automatically removes the 'memberof' attribute from the users object, these type of links are referred to as 'backlinks'. I hope you can see that trying to remove a computer from Domain Computers will not work because the 'backlinks' do not exist.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba