[Samba] Inconsistent results while attempting to preset a computer with a one-time-password

Dan Oriani dan at reportallusa.com
Tue Feb 6 20:41:36 UTC 2018


Quoting Dan Oriani via samba <samba at lists.samba.org>:

> Quoting Rowland Penny via samba <samba at lists.samba.org>:
>
>> On Tue, 06 Feb 2018 14:09:08 -0500
>> Dan Oriani via samba <samba at lists.samba.org> wrote:
>>
>>>
>>> I'm not opposed to the idea. Does 'net ads join' support supplying
>>> the machine name as the user, and the one-time-password given to it?
>>> The only reason I'm using adcli at all is the preset-computer option
>>> which I couldn't find an analogue to in 'net ads'.
>>>
>>>
>>
>> I have never tried this, but there is the 'createcomputer=OU' option:
>>
>> Precreate the computer account in a specific OU.
>> The OU string read from top to bottom without RDNs
>> and delimited by a '/'.
>> E.g. "createcomputer=Computers/Servers/Unix"
>> NB: A backslash '\' is used as escape at multiple
>> levels and may need to be doubled or even
>> quadrupled. It is not used as a separator.
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
> So I have the computer precreated in the OU. Let's call this host
> 'ruby'. I also pass 'machinepass' so that it can join itself later  
> (I think?). On 'ruby' I run 'net ads join', except it asks me for a  
> password still. If I try to run 'net ads join -U RUBY$%onetimepass  
> -v -d 5' it seems as if it tries to create the machine again, as in  
> the logs I get 'machine account creation failed', then 'failed to  
> precreate account in ou ....: Insufficient accesssigned SMB2  
> message'. Should I be specifying something else? The man page seems  
> to suggest that if the machine already exists, it'll use that entry.  
> Having 'net ads join' prompt me for a password is a no-go, as it  
> brings me right back to manually doing this all by hand.
>
>

Also it kind of seems from the logs that running 'net ads join  
createcomputer=OU' is attempting to join the computer I'm running the  
command on again. The man page really isn't all that specific about it.



