Rowland Penny
2018-Feb-06  18:41 UTC
[Samba] Inconsistent results while attempting to preset a computer with a one-time-password
On Tue, 06 Feb 2018 12:43:20 -0500 Dan Oriani via samba <samba at lists.samba.org> wrote:> Quoting Dan Oriani via samba <samba at lists.samba.org>: > > There seems to be an open bug open about this issue, > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858981, however > the FQDN of this machine is already in /etc/hostname, which seemed to > be the workaround. I'm still unsure as to where to go from here. I > ran 'samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix' > which did discover a couple issues and fixed them, but did not fix > this issue. Should I expand the SELF permission on the CN=Computer > object or something? When I view 'Effective Permissions' of the > computer object for SELF, it would seem that it lacks permissions on > 'Write userAccountControl', but shouldn't this be granted by default? >I feel you are asking in the wrong place, 'adcli' isn't a Samba component, it comes from red-hat. Have you tried writing a script around 'net ads join' ? Rowland
Dan Oriani
2018-Feb-06  19:09 UTC
[Samba] Inconsistent results while attempting to preset a computer with a one-time-password
Quoting Rowland Penny via samba <samba at lists.samba.org>:> On Tue, 06 Feb 2018 12:43:20 -0500 > Dan Oriani via samba <samba at lists.samba.org> wrote: > >> Quoting Dan Oriani via samba <samba at lists.samba.org>: >> >> There seems to be an open bug open about this issue, >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858981, however >> the FQDN of this machine is already in /etc/hostname, which seemed to >> be the workaround. I'm still unsure as to where to go from here. I >> ran 'samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix' >> which did discover a couple issues and fixed them, but did not fix >> this issue. Should I expand the SELF permission on the CN=Computer >> object or something? When I view 'Effective Permissions' of the >> computer object for SELF, it would seem that it lacks permissions on >> 'Write userAccountControl', but shouldn't this be granted by default? >> > > I feel you are asking in the wrong place, 'adcli' isn't a Samba > component, it comes from red-hat. > Have you tried writing a script around 'net ads join' ? > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaI'm not opposed to the idea. Does 'net ads join' support supplying the machine name as the user, and the one-time-password given to it? The only reason I'm using adcli at all is the preset-computer option which I couldn't find an analogue to in 'net ads'.
Rowland Penny
2018-Feb-06  19:24 UTC
[Samba] Inconsistent results while attempting to preset a computer with a one-time-password
On Tue, 06 Feb 2018 14:09:08 -0500 Dan Oriani via samba <samba at lists.samba.org> wrote:> > I'm not opposed to the idea. Does 'net ads join' support supplying > the machine name as the user, and the one-time-password given to it? > The only reason I'm using adcli at all is the preset-computer option > which I couldn't find an analogue to in 'net ads'. > >I have never tried this, but there is the 'createcomputer=OU' option: Precreate the computer account in a specific OU. The OU string read from top to bottom without RDNs and delimited by a '/'. E.g. "createcomputer=Computers/Servers/Unix" NB: A backslash '\' is used as escape at multiple levels and may need to be doubled or even quadrupled. It is not used as a separator. Rowland
Apparently Analagous Threads
- Inconsistent results while attempting to preset a computer with a one-time-password
- Inconsistent results while attempting to preset a computer with a one-time-password
- Inconsistent results while attempting to preset a computer with a one-time-password
- Inconsistent results while attempting to preset a computer with a one-time-password
- Inconsistent results while attempting to preset a computer with a one-time-password