My results.
1- W10 client joined the eregion.lan domain
2- Changing client name
3- Viewing the ldb database record
As you can see Samba updates some of the attributes: sAMAccountName: W10S$
displayName: W10S$
dNSHostName: W10s.eregion.lan
servicePrincipalName: HOST/W10s.eregion.lan
servicePrincipalName: RestrictedKrbHost/W10s.eregion.lan
servicePrincipalName: HOST/W10S
servicePrincipalName: RestrictedKrbHost/W10S
But some others can't be updated without change the DN of the object (it means without removing this object and re-crating another new one)
cn: W10 -> dn: CN=W10,CN=Computers,DC=eregion,DC=lan
So, I' try to use ldbrename to change the machine account name:
root@lothlorien:~# ldbrename -H ldap://127.0.0.1 -U admindc%admindc 'CN=W10,CN=Computers,DC=eregion,DC=lan' 'CN=W10s,CN=Computers,DC=eregion,DC=lan'
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Renamed 1 record
Re-stating samba:
root@lothlorien:~# zs samba restart
I'll restart my client W10s and I'll try to open theShire resource:
Please, do your own trial in lab before to apply this in production. It's the first time I do it, and I'm amazed because it seems to run.Cheers