net ads join <-> cross realm trust
Miguel Sanders
miguelsanders at telenet.be
Wed Aug 8 17:41:38 GMT 2007
Jerry
What exactly do you mean by mapping it to an account in AD? Could you give a small example?
----- Original Message -----
From: Gerald (Jerry) Carter
To: miguelsanders at telenet.be
Cc: samba-technical at lists.samba.org
Sent: Wednesday, August 08, 2007 6:42 PM
Subject: Re: net ads join <-> cross realm trust
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Miguel,
> At our site we have cross realm trust between AD and UNIX,
> where the user accounts are located in AD and the service
> principals in UNIX. Now it seems that net ads join creates
> computer account in AD along with a host principal (host/FQDN at AD)
> and a cifs service principal (cifs/FQDN at AD). Because of the trust,
> wouldn't it be possible to create those service principals in the
> UNIX realm (where they actually belong).
If you are joining the machine to AD, then the machine SPN
belongs in AD. If you want to put the machine as a principal
in the Unix realm and map it to an account in AD, that is up
to you. But this is entirely different than joining the AD
domain from my perspective.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGufJjIR7qMdg1EfYRAoqnAJ4jOULg1SJ9MEhRl1ufnU1GjaOQ1wCgniCe
sIHlIBR5xgKnIQl17VG8MuQ=
=V4D4
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list