Draft #4: Re: [patch] net ads join rework

Gerald (Jerry) Carter jerry at samba.org
Fri May 12 05:06:36 GMT 2006


Gerald (Jerry) Carter wrote:

>   ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn);
>   ads_mod_strlist(ctx, &mods, "servicePrincipalName",
>       servicePrincipalName);
> #if 0
>   ads_mod_str(ctx, &mods, "userPrincipalName", host_upn);
>   ads_mod_str(ctx, &mods, "operatingSystem", "Samba");
>   ads_mod_str(ctx, &mods, "operatingSystemVersion",
>       SAMBA_VERSION_STRING);
>   ads_mod_str(ctx, &mods, "userAccountControl", controlstr);
> #endif
>   status = ads_gen_mod(ads_s, new_dn, mods);

Just found this out.  If you look at the sec_desc on the
machine object using adsiedit, you'll find that SELF is given
"validated write to DNS Host Name" and "validated write to
service principal name" permissions.

So that explains the behavior I'm seeing.




cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
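
The permission described in the message above can also be checked programmatically. This is an added example, not part of the original post or of Samba's code: it scans a computer object's security descriptor in SDDL form for validated-write ACEs granted to SELF and reports which attributes from the quoted snippet they cover. The SDDL string is constructed and the function names are hypothetical; only validated-write ACEs are evaluated, so other grants such as plain write-property are not considered.

```python
import re

# Validated-write rights from the AD schema (rightsGuid -> attribute guarded).
VALIDATED_WRITES = {
    "72e39547-7b18-11d1-adef-00c04fd8d5cd": "dNSHostName",
    "f3a64788-5306-11d1-a9c5-0000f80367c1": "servicePrincipalName",
}
ADS_RIGHT_DS_SELF = 0x8            # "SW" in SDDL: validated (self) write
# Attributes the quoted snippet tries to set, in order.
SNIPPET_ATTRS = ["dNSHostName", "servicePrincipalName", "userPrincipalName",
                 "operatingSystem", "operatingSystemVersion", "userAccountControl"]
# Constructed sample descriptor, not taken from a real directory.
SAMPLE_SDDL = (
    "O:DAG:DAD:(A;;GA;;;DA)(A;;RPLCLORC;;;AU)"
    "(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)"
    "(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)"
)

def _pairs(s):
    return {s[i:i + 2] for i in range(0, len(s), 2)}  # SDDL two-letter codes

def _has_self_write(rights):
    if rights.lower().startswith("0x"):               # rights given as a hex mask
        return bool(int(rights, 16) & ADS_RIGHT_DS_SELF)
    return "SW" in _pairs(rights)

def self_validated_writes(sddl):
    """Attributes that PRINCIPAL SELF may change through validated write."""
    found = set()
    for ace in re.findall(r"\(([^()]*)\)", sddl):
        ace_type, flags, rights, obj_guid, _, trustee = (ace.split(";") + [""] * 6)[:6]
        if ace_type != "OA" or trustee not in ("PS", "S-1-5-10"):
            continue  # only object-allow ACEs granted to SELF matter here
        if "IO" in _pairs(flags):
            continue  # inherit-only: does not apply to this object itself
        attr = VALIDATED_WRITES.get(obj_guid.lower())
        if attr and _has_self_write(rights):
            found.add(attr)
    return found

def classify(sddl, attrs=SNIPPET_ATTRS):
    """Map each attribute to True if a validated write by SELF covers it."""
    allowed = self_validated_writes(sddl)
    return {a: a in allowed for a in attrs}

if __name__ == "__main__":
    print(classify(SAMPLE_SDDL))
```

With the sample descriptor, only `dNSHostName` and `servicePrincipalName` map to `True`, matching the two modifications left outside the `#if 0` block.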

