[Samba] samba-tool group removemembers, not working
Mark Foley
mfoley at ohprs.org
Tue May 28 19:43:56 UTC 2019
I hate to be a complete moron on this, but I'm apparently not setting YOURDCNAME_HERE
correctly. I get the errors:
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://mail' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to ldap://mail - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
plus lots more. In addition to 'mail' I've tried 'mail.hprs.local' and 'hprs.local'. None of
those guesses work. Suggestion?
--Mark
On Tue, 28 May 2019 11:38:45 +0200 "L.P.H. van Belle" <belle at bazuin.nl> wrote:
>
> Hai,
>
> Can you post the output of :
> ldbsearch --show-binary -H ldap://YOURDCNAME_HERE "(&(objectClass=computer)(sAMAccountName=MARKA$))" -k yes | grep -v '#' | grep -v 'ref:'
> (https://bugzilla.samba.org/show_bug.cgi?id=11482)
>
>
> Greetz,
>
> Louis
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Denis Cardon via samba
> > Verzonden: dinsdag 28 mei 2019 11:04
> > Aan: Mark Foley; samba at lists.samba.org
> > Onderwerp: Re: [Samba] samba-tool group removemembers, not working
> >
> > Hi Mark,
> >
> > > Because of other issues using ADUC, I tried to remove a
> > domain member using:
> > >
> > >> samba-tool group removemembers "Domain Computers" MARKA\$
> > > Removed members from group Domain Computers
> > >
> > > As shown, it say it "Removed members", but ...
> > >
> > >> samba-tool group listmembers "Domain Computers"
> > > :
> > > LABRAT$
> > > :
> > > OHPRSSTORAGE$
> > > MARKA$
> > > :
> > > COMMON$
> > > :
> > >
> > > listmembers still shows the computer as a member of "Domain
> > Computers". What's up with this?
> >
> > "Domain Computers" is the primaryGroupID of AD joined computer (515).
> > The computer object is a member not because it is listed in the group
> > membership, but because of its primaryGroupID attribute. If
> > you want to
> > get it out of "domain computers", you have to change that
> > attribute to
> > something else.
> >
> > You can test with a different group than "Domain computers"
> > or "Domain
> > computers", it will work as intended.
> >
> > I admit that the message is misleading though. By the way, why do you
> > want to remove that computer from "Domain Computers" group?
> >
> > Cheers,
> >
> > Denis
> >
> > >
> > > Samba Version 4.8.2
> > >
> > > THX --Mark
> > >
> >
> > --
> > Denis Cardon
> > Tranquil IT
> > 12 avenue Jules Verne (Bat. A)
> > 44230 Saint Sébastien sur Loire (FRANCE)
> > tel : +33 (0) 240 975 755
> > http://www.tranquil.it
> >
> > Tranquil IT recrute! https://www.tranquil.it/nous-rejoindre/
> > Samba install wiki for Frenchies : https://dev.tranquil.it
> > WAPT, software deployment made easy : https://wapt.fr
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list