Privileges required to join windows domains
Sam Liddicott
sam at liddicott.com
Wed Mar 21 08:24:12 MDT 2012
Samba4 libnetjoin considers failure to set msDS-SupportedEncryptionTypes to
be fatal unless the error was LDB_ERR_NO_SUCH_ATTRIBUTE
However, windows domains long have a tradition of admin privileges not
being required to join the domain, as well as being able specifically
specify a user or group who may join a machine to the domain if the machine
account is pre-created. In these cases the msDS-SupportedEncryptionTypes
attribute cannot be set when joining the domain.
I think that failure to set msDS-SupportedEncryptionTypes merits a warning,
not a fatal error. Anyone disagree?
Sam
More information about the samba-technical
mailing list