[Samba] Inconsistent results while attempting to preset a computer with a one-time-password

Andrew Bartlett abartlet at samba.org
Wed Feb 7 18:07:03 UTC 2018


On Wed, 2018-02-07 at 12:42 -0500, Dan Oriani via samba wrote:
> 
> And just like that post, if I modify that machine entry and grant  
> 'Read Write all properties' on the SELF object, it can then  
> successfully join itself. That doesn't really seem like a great idea  
> though, and definitely doesn't lend itself to automation.  
> Unfortunately it seems as though that thread ends without resolution  
> so I'm still unsure as to where to go from here.

I do want to say that this is on our radar.  A colleague of mine
recently posted a patch to create computer accounts on the DC ready for
an offline/read-only join from Windows, targeting this script:

https://jorgequestforknowledge.wordpress.com/2009/01/01/domain-join-through-an-rodc-instead-of-an-rwdc/

I don't know if Samba's client tools can likewise join such a
pre-created account, but that is clearly the next step.

Perhaps someone could patch 'net ads join machinepass=PASS' to
speculatively use that password and just write it into the Samba DB if
it is correct, rather than re-creating the account (perhaps only if
readonly=yes is set).

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
