[Samba] Inconsistent results while attempting to preset a computer with a one-time-password
Dan Oriani
dan at reportallusa.com
Tue Feb 6 19:09:08 UTC 2018
Quoting Rowland Penny via samba <samba at lists.samba.org>:
> On Tue, 06 Feb 2018 12:43:20 -0500
> Dan Oriani via samba <samba at lists.samba.org> wrote:
>
>> Quoting Dan Oriani via samba <samba at lists.samba.org>:
>>
>> There seems to be an open bug open about this issue,
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858981, however
>> the FQDN of this machine is already in /etc/hostname, which seemed to
>> be the workaround. I'm still unsure as to where to go from here. I
>> ran 'samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix'
>> which did discover a couple issues and fixed them, but did not fix
>> this issue. Should I expand the SELF permission on the CN=Computer
>> object or something? When I view 'Effective Permissions' of the
>> computer object for SELF, it would seem that it lacks permissions on
>> 'Write userAccountControl', but shouldn't this be granted by default?
>>
>
> I feel you are asking in the wrong place, 'adcli' isn't a Samba
> component, it comes from red-hat.
> Have you tried writing a script around 'net ads join' ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
I'm not opposed to the idea. Does 'net ads join' support supplying the
machine name as the user, and the one-time-password given to it? The
only reason I'm using adcli at all is the preset-computer option which
I couldn't find an analogue to in 'net ads'.
More information about the samba
mailing list