Public bug reported:

When a domain was joined using samba as the join software (i.e., net ads join was used), and a custom computer name was specified, then this same name should be used when leaving the domain with the -r option, to remove the computer. Otherwise the "net ads leave" command will try to use the hostname and won't find it in AD:

# joining with a custom name of GG, whereas hostname is g-adclient1:
root@g-adclient1:~# realm -v join ad1.example.com --client-software=winbind --computer-name=GG
* Resolving: _ldap._tcp.ad1.example.com
* Performing LDAP DSE lookup on: 10.51.0.5
* Successfully discovered: ad1.example.com
* Unconditionally checking packages
* Resolving required packages
* Joining using a manual netbios name: GG
* LANG=C LOGNAME=root KRB5CCNAME=/var/cache/realmd/realm-ad-kerberos-8GVPQ0 /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.6BYEQ0 -k ads join ad1.example.com
DNS update failed: NT_STATUS_INVALID_PARAMETER
Using short domain name -- AD1
Joined 'GG' to dns domain 'ad1.example.com'
No DNS domain configured for gg. Unable to perform DNS Update.
* LANG=C LOGNAME=root KRB5CCNAME=/var/cache/realmd/realm-ad-kerberos-8GVPQ0 /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.6BYEQ0 -k ads keytab create
* /usr/sbin/update-rc.d winbind enable
* /usr/sbin/service winbind restart
* Successfully enrolled machine in realm

Computer entry created with the name GG:

root@g-adclient1:~# ldapsearch '(|(cn=GG)(cn=G-ADCLIENT1))' dn
dn: CN=GG,CN=Computers,DC=ad1,DC=example,DC=com

Leaving fails to find the computer, as it looks for g-adclient1:

root@g-adclient1:~# realm -v leave ad1.example.com --client-software=winbind -r
Password for Administrator:
* LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.JRDKQ0 -U Administrator ads leave
Enter Administrator's password:Host account for g-adclient1 does not exist.
Failed to leave domain: failed to leave realm: No such object
! Leaving the domain ad1.example.com failed
* Removing entries from keytab for realm
* Updating smb.conf file
* /usr/sbin/update-rc.d winbind disable
* /usr/sbin/service winbind stop
* Successfully unenrolled machine from realm
root@g-adclient1:~# ldapsearch '(|(cn=GG)(cn=G-ADCLIENT1))' dn
dn: CN=GG,CN=Computers,DC=ad1,DC=example,DC=com

** Affects: realmd (Ubuntu)
     Importance: Undecided
     Assignee: Andreas Hasenack (ahasenack)
     Status: In Progress

** Summary changed:

- Use correct netbios name when leaving a domain
+ Use correct netbios name when leaving a domain joined with net ads
https://bugs.launchpad.net/bugs/1894340
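
The failure mode in the report above (the remote removal fails, local unenrollment still succeeds, and the computer object stays in AD) can be detected from the verbose output. This is an added example, not part of the original report or of realmd: the function name audit_leave and its result keys are hypothetical, and the sample transcripts are constructed from lines quoted in the report.

```python
import re

# Constructed sample: abridged `realm -v leave ... -r` output, as quoted in the report.
SAMPLE_LEAVE = """\
* LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.JRDKQ0 -U Administrator ads leave
Enter Administrator's password:Host account for g-adclient1 does not exist.
Failed to leave domain: failed to leave realm: No such object
! Leaving the domain ad1.example.com failed
* Removing entries from keytab for realm
* Successfully unenrolled machine from realm
"""
# Constructed sample: the join line that records the name registered in AD.
SAMPLE_JOIN = "Joined 'GG' to dns domain 'ad1.example.com'\n"

# Only a conservative character set is accepted for the joined name, so the
# value can be placed in an LDAP filter without escaping.
JOINED = re.compile(r"^Joined '([A-Za-z0-9_-]+)' to dns domain '([^']+)'", re.M)
MISSING = re.compile(r"Host account for (\S+) does not exist")
LEAVE_FAILED = re.compile(r"^\s*! Leaving the domain (\S+) failed", re.M)
UNENROLLED = re.compile(r"Successfully unenrolled machine from realm")

def audit_leave(leave_log, join_log=""):
    """Hypothetical helper: summarise a `realm -v leave -r` transcript."""
    failed = LEAVE_FAILED.search(leave_log)
    missing = MISSING.search(leave_log)
    joined = JOINED.search(join_log)
    name = joined.group(1) if joined else None
    looked_up = missing.group(1) if missing else None
    return {
        "domain": failed.group(1) if failed else None,
        "looked_up": looked_up,
        "joined_as": name,
        # Local cleanup ran although removing the account from AD failed.
        "stale_account_likely": bool(failed and UNENROLLED.search(leave_log)),
        # The leave searched for a different name than the join registered.
        "name_mismatch": bool(name and looked_up
                              and name.lower() != looked_up.lower()),
        # Filter for ldapsearch to confirm whether the object still exists.
        "verify_filter": f"(&(objectClass=computer)(cn={name}))" if name else None,
    }

if __name__ == "__main__":
    for key, value in audit_leave(SAMPLE_LEAVE, SAMPLE_JOIN).items():
        print(f"{key}: {value}")
```

A transcript flagged with stale_account_likely means the host considers itself unenrolled while its computer object may still exist in the directory, so the object should be checked with the returned filter.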
