setting dNSHostName at join
Gerald (Jerry) Carter
jerry at samba.org
Tue Feb 27 02:03:19 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Guenther,
If case the IRC logs gets lost....
(6:45:35 PM) gd: coffeedude: we need to be more
graceful when joining and name_to_fqdn fails
and where we are not using a keytab.
(6:46:16 PM) gd: coffeedude: also assuming that we can
always write to "dnsHostName" is invalid.
(7:54:11 PM) coffeedude: gd: I disagree.
(7:55:03 PM) coffeedude: gd: if we can't get a valid
fqdn krb5 cannot work. I think it it is better
to fail upfront than to leave an admin scratching
his/her head later on.
(7:55:56 PM) coffeedude: gd: the current model does
exactly what XP does.
(7:56:14 PM) coffeedude: gd: if we cannot update the hostname
and SPN in AD, the just use security = domain.
(7:56:57 PM) coffeedude: gd: if you have a specific
environment where this is failing and Windows is
working, then we should do what Windows does. But
based on my invesigations, if Windows cannot
update the dNSHostName or SPN it will fail the join.
(7:59:24 PM) coffeedude: gd: I should clarify, Windows
XP will fail. Windows 2000 will join but Krb5
will never be available.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF45FnIR7qMdg1EfYRAjJ3AKDXCuapqGq/qfVz/O1BHKyvZAocUwCeNccR
MhkG5/h3cbLxPaDorQYdO60=
=jKVz
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list