Kacper
2018-Sep-22 17:14 UTC
[Samba] Redirecting the computer container doesn't work in Samba 4.8.5
But if it worked in samba 4.4 something must have been changed to break this functionality in 4.8. On Sat, 22 Sep 2018, 18:29 Andrew Bartlett, <abartlet at samba.org> wrote:> On Sat, 2018-09-22 at 13:09 +0200, Kacper via samba wrote: > > Hello, > > > > Changing "CN=Computers" to another OU doesn't seem to work correctly > > in Samba 4.8.5. Running redircmp or changing the wellKnownObject > > AA312825768811D1ADED00C04FD8D5CD to another OU worked in Samba 4.4 > > but > > now the Windows clients don't seem to respect that entry. They > > instead > > try to create their computer object under "CN=Computers" which they > > no > > longer have access to resulting in an Access Denied message during > > domain join. > > > > In the samba log one can clearly see that the windows clients are > > trying to create their computer accounts in the wrong container. > > > > Could this be a bug or did something change in the way this is > > handled? > > > > Regards, > > Kacper > > --- > > > > Ldif: > > dn: DC=mydomain,DC=test > > changetype: modify > > delete: wellKnownObjects > > wellKnownObjects: > > B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=mydomain,DC=tes > > t > > - > > add: wellKnownObjects > > wellKnownObjects: > > B:32:AA312825768811D1ADED00C04FD8D5CD:My_Machines,DC=mydomain,DC=test > > Samba doesn't have much control over what clients choose to do, if they > don't follow the wellKnownObjects we can't really stop that. > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT > http://catalyst.net.nz/services/samba > > > >
Andrew Bartlett
2018-Sep-22 23:27 UTC
[Samba] Redirecting the computer container doesn't work in Samba 4.8.5
On Sat, 2018-09-22 at 19:14 +0200, Kacper wrote:> But if it worked in samba 4.4 something must have been changed to > break this functionality in 4.8.Sorry, I missed the 4.4 reference. All I can suggest is a massive git bisect to find out what changed the behaviour. Can you please do that? Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Kacper
2018-Sep-24 17:31 UTC
[Samba] Redirecting the computer container doesn't work in Samba 4.8.5
I'm in progress of doing a git bisect. Will report back when I'm done. On Sun, Sep 23, 2018 at 1:27 AM Andrew Bartlett <abartlet at samba.org> wrote:> > On Sat, 2018-09-22 at 19:14 +0200, Kacper wrote: > > But if it worked in samba 4.4 something must have been changed to > > break this functionality in 4.8. > > Sorry, I missed the 4.4 reference. All I can suggest is a massive git > bisect to find out what changed the behaviour. > > Can you please do that? > > Thanks, > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba > > >