[Samba] Error when removing client from domain
L.P.H. van Belle
belle at bazuin.nl
Wed Apr 22 12:51:47 UTC 2020
And for this one.
Check if the object has the correct rights, does it has "SELF" rights for example.
Its a longer list to take the time for it to check it.
if you can not find it, try re-joining the computer to the AD domain.
(more below inbetween lines)
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens von
> Obernitz, Daniel via samba
> Verzonden: woensdag 22 april 2020 14:05
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Error when removing client from domain
>
> Hi,
>
> when I remove a Windows client from the domain I get the
> following error message in log.samba:
>
> [2020/04/21 13:06:11.453483, 1]
> ../../source4/rpc_server/samr/dcesrv_samr.c:4071(dcesrv_samr_S
> etUserInfo)
> Failed to modify record
> CN=DESKTOP-C9L2OUQ,CN=Computers,DC=ad,DC=example,DC=net:
> Object
> CN=DESKTOP-C9L2OUQ,CN=Computers,DC=ad,DC=example,DC=net has
> no write property access
>
> The computer can still be listed via samba-tool after the
> client removal (I can delete it via samba-tool without problem).
>
> We are still testing, so I'm still using the administrator
> account for adding and removing Windows clients to the domain.
Because that you most probley have problems.
> The error message itself makes sense, the computer object
> does not have write access to the ldap (and I think should
> never have), but the administrator should have them.
No it has no rights on it's own computer object in the AD.
And they should have that.
Try joining an other computer and verify the settings.
>
> We are currently using Samba version 4.12.1-SerNet-Debian-5.buster.
>
> Do you have any idea?
Yup, see above ;-)
Good luck..
Greetz,
Louis
More information about the samba
mailing list