Question about joining machines to a domain.
Jeremy Allison
jra at samba.org
Wed Mar 15 18:47:07 UTC 2017
Hi guys,
In source3/libnet/libnet_join.c we have:

    /* Attempt to create the machine account and bail if this fails.
       Assume that the admin wants exactly what they requested */

    status = ads_create_machine_acct(r->in.ads,
                                     r->in.machine_name,
                                     r->in.account_ou,
                                     r->in.desired_encryption_types);

    if (ADS_ERR_OK(status)) {
            DEBUG(1,("machine account creation created\n"));
            return status;
    } else if ((status.error_type == ENUM_ADS_ERROR_LDAP) &&
               (status.err.rc == LDAP_ALREADY_EXISTS)) {
            status = ADS_SUCCESS;
    }

    if (!ADS_ERR_OK(status)) {
            DEBUG(1,("machine account creation failed\n"));
            return status;
    }

    status = ads_move_machine_acct(r->in.ads,
                                   r->in.machine_name,
                                   r->in.account_ou,
                                   &moved);
    if (!ADS_ERR_OK(status)) {
            DEBUG(1,("failure to locate/move pre-existing "
                     "machine account\n"));
            return status;
    }

    DEBUG(1,("The machine account %s the specified OU.\n",
             moved ? "was moved into" : "already exists in"));

As you can see it treats LDAP_ALREADY_EXISTS as "ok" and moves
the account anyway. Should we move the account to the new
OU if it already existed, or should we leave it where it
was?

Jeremy.