[Samba] Redirecting the computer container doesn't work in Samba 4.8.5

Kacper kacper at kacper.se
Sat Sep 22 17:14:09 UTC 2018


But if it worked in samba 4.4 something must have been changed to break
this functionality in 4.8.

On Sat, 22 Sep 2018, 18:29 Andrew Bartlett, <abartlet at samba.org> wrote:

> On Sat, 2018-09-22 at 13:09 +0200, Kacper via samba wrote:
> > Hello,
> >
> > Changing "CN=Computers" to another OU doesn't seem to work correctly
> > in Samba 4.8.5. Running redircmp or changing the wellKnownObject
> > AA312825768811D1ADED00C04FD8D5CD to another OU worked in Samba 4.4
> > but
> > now the Windows clients don't seem to respect that entry. They
> > instead
> > try to create their computer object under "CN=Computers" which they
> > no
> > longer have access to resulting in an Access Denied message during
> > domain join.
> >
> > In the samba log one can clearly see that the windows clients are
> > trying to create their computer accounts in the wrong container.
> >
> > Could this be a bug or did something change in the way this is
> > handled?
> >
> > Regards,
> > Kacper
> > ---
> >
> > Ldif:
> > dn: DC=mydomain,DC=test
> > changetype: modify
> > delete: wellKnownObjects
> > wellKnownObjects:
> > B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=mydomain,DC=tes
> > t
> > -
> > add: wellKnownObjects
> > wellKnownObjects:
> > B:32:AA312825768811D1ADED00C04FD8D5CD:My_Machines,DC=mydomain,DC=test
>
> Samba doesn't have much control over what clients choose to do, if they
> don't follow the wellKnownObjects we can't really stop that.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>
>


More information about the samba mailing list