net ads join <-> cross realm trust

Gerald (Jerry) Carter jerry at samba.org
Wed Aug 8 16:42:11 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Miguel,

> At our site we have cross realm trust between AD and UNIX, 
> where the user accounts are located in AD and the service
> principals in UNIX.  Now it seems that net ads join creates
> a computer account in AD along with a host principal (host/FQDN at AD)
> and a cifs service principal (cifs/FQDN at AD).  Because of the trust,
> wouldn't it be possible to create those service principals in the
> UNIX realm (where they actually belong)?

If you are joining the machine to AD, then the machine SPN
belongs in AD.  If you want to put the machine as a principal
in the Unix realm and map it to an account in AD, that is up
to you.  But this is entirely different than joining the AD
domain from my perspective.



cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGufJjIR7qMdg1EfYRAoqnAJ4jOULg1SJ9MEhRl1ufnU1GjaOQ1wCgniCe
sIHlIBR5xgKnIQl17VG8MuQ=
=V4D4
-----END PGP SIGNATURE-----

