[Samba] Inconsistent results while attempting to preset a computer with a one-time-password
Andrew Bartlett
abartlet at samba.org
Wed Feb 7 18:07:03 UTC 2018
On Wed, 2018-02-07 at 12:42 -0500, Dan Oriani via samba wrote:
>
> And just like that post, if I modify that machine entry and grant
> 'Read Write all properties' on the SELF object, it can then
> successfully join itself. That doesn't really seem like a great idea
> though, and definitely doesn't lend itself to automation.
> Unfortunately it seems as though that thread ends without resolution
> so I'm still unsure as to where to go from here.

I do want to say that this is on our radar. A colleague of mine
recently posted a patch to create computer accounts on the DC ready for
an offline/read-only join from Windows, targeting this script:

https://jorgequestforknowledge.wordpress.com/2009/01/01/domain-join-through-an-rodc-instead-of-an-rwdc/

I don't know if Samba's client tools can likewise join such a
pre-created account, but that is clearly the next step.

Perhaps someone could patch 'net ads join machinepass=PASS' to
speculatively use that password and just write it into the Samba DB if
it is correct, rather than re-creating the account (perhaps only if
readonly=yes is set).

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba