[Samba] debug MS-PAC issue with NFS mounting resulted in host removed from samba DC without any notice
Andrew Bartlett
abartlet at samba.org
Tue Feb 16 20:50:50 UTC 2021
On Tue, 2021-02-16 at 15:43 -0500, Jason Keltz via samba wrote:
> I was trying to debug an NFS related issue with MS-PAC.
>
> I read an article that said you can disable PAC by setting
> userAccountControl from 4096 (default) to 33554432.
>
> I used "samba-tool computer edit <server>" to make the change.
> There
> was no error.
>
> # samba-tool computer edit j2
> Modified computer 'j2' successfully
>
> Now I wanted to see the change:
>
> # samba-tool computer show j2 | grep -i userAccount
> ERROR: Unable to find computer "j2$"
>
> HUH?
You needed to OR in the bits (it is a bitfield), ie add the numbers,
not replace them. You removed the flag for 'computer'.
I hope this clarifies things,
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
More information about the samba
mailing list