[Samba] Redirecting the computer container doesn't work in Samba 4.8.5
abartlet at samba.org
Sat Sep 22 16:29:25 UTC 2018
On Sat, 2018-09-22 at 13:09 +0200, Kacper via samba wrote:
> Changing "CN=Computers" to another OU doesn't seem to work correctly
> in Samba 4.8.5. Running redircmp or changing the wellKnownObject
> AA312825768811D1ADED00C04FD8D5CD to another OU worked in Samba 4.4
> now the Windows clients don't seem to respect that entry. They
> try to create their computer object under "CN=Computers" which they
> longer have access to resulting in an Access Denied message during
> domain join.
> In the samba log one can clearly see that the windows clients are
> trying to create their computer accounts in the wrong container.
> Could this be a bug or did something change in the way this is
> dn: DC=mydomain,DC=test
> changetype: modify
> delete: wellKnownObjects
> add: wellKnownObjects
Samba doesn't have much control over what clients choose to do, if they
don't follow the wellKnownObjects we can't really stop that.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba