[Samba] Redirecting the computer container doesn't work in Samba 4.8.5

Kacper kacper at kacper.se
Sat Sep 22 11:09:22 UTC 2018


Hello,

Changing "CN=Computers" to another OU doesn't seem to work correctly
in Samba 4.8.5. Running redircmp or changing the wellKnownObject
AA312825768811D1ADED00C04FD8D5CD to another OU worked in Samba 4.4 but
now the Windows clients don't seem to respect that entry. They instead
try to create their computer object under "CN=Computers" which they no
longer have access to resulting in an Access Denied message during
domain join.

In the samba log one can clearly see that the windows clients are
trying to create their computer accounts in the wrong container.

Could this be a bug or did something change in the way this is handled?

Regards,
Kacper
---

Ldif:
dn: DC=mydomain,DC=test
changetype: modify
delete: wellKnownObjects
wellKnownObjects:
B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=mydomain,DC=test
-
add: wellKnownObjects
wellKnownObjects:
B:32:AA312825768811D1ADED00C04FD8D5CD:My_Machines,DC=mydomain,DC=test



More information about the samba mailing list