Patch: System keytab usage improvements
James, Garrick
garrick.james at wamu.net
Wed Jun 2 20:57:36 GMT 2004
All,
I am not a Samba developer (so maybe I shouldn't be posting to this
list--let me know), but I have been following this thread about patching
samba 3.x to support managing the system's keytab with great interest
(and hope that everything works out for it to get included soon). I am
currently just starting to test the patch that Dan Perry has submitted
here. The testing will be against a Windows 2000 realm. I am currently
using the v6 version of the patch.
I've notice two things right off that would be helpful to users of this
patch:
1) The "net ads join" command says that it supports having the OU
for the computer's account specified on the command line. However,
reading through the source code, the specified OU never gets used. It
appears that it makes it all the way to the call to
ads_add_machine_acct(), but that function never uses the value passed to
org_unit when building the comp_dn string:
comp_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", hostname,
ads_ou_string(NULL), ads->config.bind_path);
Note that NULL is passed to ads_ou_string. Shouldn't org_unit get
passed there instead?
2) Given that the org_unit is ignored, I'm not sure whether this
second observation is valid or not... There doesn't appear to be a way
to specify an OU that is not "top level". For example, it doesn't
appear that one could use "net ads join" to create the computer's
account in "ou=Unix,ou=Servers,ou=NW Datacenter".
Thanks for the excellent work on Samba 3!
Thank you,
Garrick James
Washington Mutual UNIX Platform Services
More information about the samba-technical
mailing list