[PATCH] Allow domain == realm in provision if we are doing an AD DC domain join
Andrew Bartlett
abartlet at samba.org
Tue Apr 9 10:14:30 MDT 2013
On Tue, 2013-04-09 at 14:23 +0200, Michael Adam wrote:
> On 2013-04-09 at 00:15 -0700, Matthieu Patou wrote:
> > On 04/08/2013 03:17 AM, Andrew Bartlett wrote:
> > >This patch is pretty simple, it should fix up the case where we need to
> > >join an existing AD domain that uses the same string for the netbios
> > >domain name as the dns domain name.
> > >
> > >samdb_fill == FILL_DRS indicates that we are preparing to join an
> > >existing DC, rather than filling in a domain from the templates.
> >
> > The patch looks good, but I want to understand why are not accepting
> > this case when windows (I suspect) is accepting it.
> >
> > Is there any assumption in our code that has domain!=realm ?
>
> Same question and comment here.
The reason we do this is that to the novice admin, domain and realm are
fairly meaningless terms, and highly prone to error. Once selected, we
can't change them, so we want folks to get it right.
You almost never want them to be the same, so we enforce that best
practice as a requirement in Samba's AD DC. Except for the upgrade
case, I've never had any complaints about it, which is why I only relax
that case.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list