setting dNSHostName at join

Gerald (Jerry) Carter jerry at
Tue Feb 27 02:03:19 GMT 2007

Hash: SHA1


If case the IRC logs gets lost....

(6:45:35 PM) gd: coffeedude: we need to be more
	graceful when joining and name_to_fqdn fails
	and where we are not using a keytab.
(6:46:16 PM) gd: coffeedude: also assuming that we can
	always write to "dnsHostName" is invalid.

(7:54:11 PM) coffeedude: gd: I disagree.
(7:55:03 PM) coffeedude: gd: if we can't get a valid
	fqdn krb5 cannot work.  I think it it is better
	to fail upfront than to leave an admin scratching
	his/her head later on.
(7:55:56 PM) coffeedude: gd: the current model does
	exactly what XP does.
(7:56:14 PM) coffeedude: gd: if we cannot update the hostname
	and SPN in AD, the just use security = domain.
(7:56:57 PM) coffeedude: gd: if you have a specific
	environment where this is failing and Windows is
	working, then we should do what Windows does.  But
	based on my invesigations, if Windows cannot
	update the dNSHostName or SPN it will fail the join.
(7:59:24 PM) coffeedude: gd: I should clarify, Windows
	XP will fail.  Windows 2000 will join but Krb5
	will never be available.

cheers, jerry
Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list