need to re-evaluate enumerating users

Andrew Bartlett abartlet at
Thu Nov 10 21:20:24 GMT 2005

On Thu, 2005-11-10 at 13:14 -0600, Gerald (Jerry) Carter wrote:

> For the principal names:
> Scenario (a) uses OURDOMAIN at TRUSTED.REALM
> Scenario (b) always uses RPC
> Scenario (c) users the sAMAccountName at OUR.REALM for
> security = domain (the account created when we join the domain
> has no SPN).  Otherwise we use the host/global_myname()@OUR.REALM
> SPN.

I'm surprised by the use of the host/global_myname()@OUR.REALM bit,
because I thought that kinit only worked for samAccountName at OUR.REALM

Clearly I need to do more testing, because I had coded the Samba4 KDC up
with that assumption...

Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list