Draft #3: Re: [patch] net ads join rework
Gerald (Jerry) Carter
jerry at samba.org
Thu May 11 05:38:19 GMT 2006
On Wed, 10 May 2006, Gerald (Jerry) Carter wrote:
> Here's some data points from a Win2k client joining a Windows 2000
> AD domain.
> The HOST/shortname and HOST/fqdn SPN are added during the
> subsequent reboot after a join as is the dNSHostName.
> If the dNSHostName is outside the realm's DNS name,
> the AD DC throws a constraint error for the ldap modify.
> The client continues to attempt to create these principals
> during each reboot. And of course, with the SPN values,
> and TGS_REQ queries fail and so the SMBsesssetup falls
> back to NTLMSSP.
> Checking a WinXP client, I see the same LDAP modify
> request but without the control
> and the dNSHostName mod succeeds regardless of whether the
> domain matches the realm or not.
> I only see HOST/xxx being created and not CIFS/xxx. Was
> this something introduced in Windows 2003? I think I've
> asked this before but don't remember the answer.
I've tried with an XP client joining a CIFS domain and I still don't
see the CIFS/xxx SPN. Although I have seen an XP client use this
principal name in the TGS_REQ prior to an SMBsesssetup&X.
I'll search the archives since I know this has been answered before.
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
More information about the samba-technical