Draft #3: Re: [patch] net ads join rework

Guenther Deschner gd at samba.org
Wed May 10 21:39:36 GMT 2006


Hi Jerry,

On Wed, May 10, 2006 at 01:53:02PM -0700, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Another rev of the modified net ads join code
> and ADS_STRUCT rewrite:
> 
> New version of the patch to fix segv in the printer
> publishing code and in idmap_ad.  Thanks to Guenther
> for pointing out the segv in check_published_printers().
> 
> The other concerns brought which are not addressed yet
> is that a machine account created with the new ads join
> code has a different UPN/SPN than the old code.  Still
> looking into this.

At least those attributes are settable via LDAP post the rpc join when
just binding with the machine account (no admin privs needed):

dNSHostName: mthelena.ber.suse.de
servicePrincipalName: CIFS/mthelena.ber.suse.de
servicePrincipalName: HOST/mthelena.ber.suse.de
servicePrincipalName: CIFS/mthelena
servicePrincipalName: HOST/mthelena

(note that you can't add the fqdn SPNs before the dNSHostName is set).

Remains only the UPN which neither the machine account nor the privileged
user (not an admin) can change via LDAP.

Cheers,
Guenther

-- 
Günther Deschner                    GPG-ID: 8EE11688
Novell / SUSE LINUX                       gd at suse.de
Samba Team                              gd at samba.org
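
Added example, not part of the original message and not Samba code: a short Python sketch that plans the post-join LDAP writes listed above in an order that respects the dNSHostName-before-FQDN-SPN constraint, checks a plan for violations, and renders it as LDIF. The machine account DN and all function names are assumptions for illustration; the checker treats any SPN whose host part contains a dot as an FQDN SPN and expects dNSHostName to have been set to that name first.

```python
# Added example (not Samba code): order the post-join LDAP writes so that
# dNSHostName is set before any SPN that contains the FQDN.
# MACHINE_DN is a constructed value; the function names are hypothetical.
MACHINE_DN = "CN=mthelena,CN=Computers,DC=ber,DC=suse,DC=de"  # constructed


def plan_writes(dns_host_name, services=("CIFS", "HOST")):
    """Return ordered (op, attribute, values) steps for one machine account."""
    short_name = dns_host_name.split(".", 1)[0]
    fqdn_spns = [f"{svc}/{dns_host_name}" for svc in services]
    short_spns = [f"{svc}/{short_name}" for svc in services]
    return [
        ("replace", "dNSHostName", [dns_host_name]),
        ("add", "servicePrincipalName", fqdn_spns + short_spns),
    ]


def order_violations(steps):
    """List FQDN SPNs that would be written before a matching dNSHostName."""
    host_set, bad = None, []
    for _op, attr, values in steps:
        if attr.lower() == "dnshostname":
            host_set = values[0].lower()
        elif attr.lower() == "serviceprincipalname":
            for spn in values:
                target = spn.partition("/")[2].lower()
                # Assumption: a dot in the host part marks an FQDN SPN.
                if "." in target and target != host_set:
                    bad.append(spn)
    return bad


def to_ldif(dn, steps):
    """Render the steps as LDIF change records, one record per step."""
    records = []
    for op, attr, values in steps:
        lines = [f"dn: {dn}", "changetype: modify", f"{op}: {attr}"]
        lines += [f"{attr}: {v}" for v in values]
        lines.append("-")
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    steps = plan_writes("mthelena.ber.suse.de")
    assert order_violations(steps) == []
    print(to_ldif(MACHINE_DN, steps))
```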