[PATCH] Allow domain == realm in provision if we are doing an AD DC domain join
mat at samba.org
Thu Apr 11 00:28:36 MDT 2013
On 04/09/2013 09:14 AM, Andrew Bartlett wrote:
> On Tue, 2013-04-09 at 14:23 +0200, Michael Adam wrote:
>> On 2013-04-09 at 00:15 -0700, Matthieu Patou wrote:
>>> On 04/08/2013 03:17 AM, Andrew Bartlett wrote:
>>>> This patch is pretty simple, it should fix up the case where we need to
>>>> join an existing AD domain that uses the same string for the netbios
>>>> domain name as the dns domain name.
>>>> samdb_fill == FILL_DRS indicates that we are preparing to join an
>>>> existing DC, rather than filling in a domain from the templates.
>>> The patch looks good, but I want to understand why are not accepting
>>> this case when windows (I suspect) is accepting it.
>>> Is there any assumption in our code that has domain!=realm ?
>> Same question and comment here.
> The reason we do this is that to the novice admin, domain and realm are
> fairly meaningless terms, and highly prone to error. Once selected, we
> can't change them, so we want folks to get it right.
Ok sounds good to me we indeed wants to allow to join a domain even if
it has a poorly domain and realm.
Reviewed-by: Matthieu Patou <mat at matws.net>
> You almost never want them to be the same, so we enforce that best
> practice as a requirement in Samba's AD DC. Except for the upgrade
> case, I've never had any complaints about it, which is why I only relax
> that case.
More information about the samba-technical