[Samba] Joining a domain controller with a conflict name

Ephi Dror ephi at agami.com
Thu Apr 14 17:17:01 GMT 2005


Hi everyone,

Well, I think more enhancements to net join would be great. Of course,
it would not solve all possible issues, but it may cover more cases.

I also agree with Andrew regarding the "computers list" in AD. Because
of all the testing we do, we also have many "dead" computer accounts.
Of course, taking one of those dead names will not be a problem;
however, taking a "live" name of someone else's computer will make that
guy unhappy, and if you take one of your servers' names you make that
system untrusted by the domain, and as a result many other clients can
be affected by it.
It might be a Windows bug. If they fail to create you a computer account
with a name that is already there, it could solve this problem; it will
also make the computers list more up to date, since you will have to
remove a dead account in order to reuse its name.

It would be nice if we enhanced the join domain process to do what
Windows or NetApp does: they first try Active Directory and, if it
fails, they try NT4 style; they try to discover domain controllers, and
so on.
I know it is not easy for us since we edit smb.conf ahead of time, but
maybe in the future we should allow SAMBA itself to adjust smb.conf on
the fly...

One more thing I found lately is that even when join domain succeeds, it
takes a few seconds for some domains to actually create the computer
account, and if you don't wait and try "testjoin" it will fail.
I would recommend adding a "testjoin" phase to join domain.

Thanks to everyone who participated in this discussion. I think that, as
we try in SAMBA 4 to be as compatible as possible with WINDOWS, we can
also try to make its configuration management as easy as Windows tries
to make it.

Cheers,
Ephi
 

-----Original Message-----
From: Jonathan Johnson [mailto:jon at sutinen.com] 
Sent: Thursday, April 14, 2005 8:15 AM
To: Tom Skeren
Cc: Andrew Bartlett; samba at lists.samba.org; Ephi Dror
Subject: Re: [Samba] Joining a domain controller with a conflict name



Tom Skeren wrote:

> Jonathan Johnson wrote:
>
>> Again, this is the responsibility of the network administrator. 
>> That's why a password is required to join a domain, so those who 
>> don't know the password (read: your users) can't mess up your 
>> network. As an administrator, it's your responsibility to make sure 
>> that a network name conflict does not occur, by knowing if there's a 
>> machine with THAT NAME on the network already.
>
> Yes, that's all fine and good, except when the boss allows some 
> visiting dignitary to plug his laptop into the ethernet port in the 
> conference room, etc.

Ah, office politics. So this means, to avoid offending the visiting
dignitary, we cannot ask him to rename his machine, but rather we must
rename our domain controller? :-) I suppose for this reason, it's good
to have "public access" ports and wireless access points on a firewalled
subnet.

~Jonathan Johnson
Sutinen Consulting, Inc.
www.sutinen.com
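
The join sequence Ephi Dror's message above asks for (Active Directory first, NT4 style as fallback, then a "testjoin" phase that waits for the computer account), sketched as a shell wrapper around the net command. This is an added example, not part of the original thread or of Samba; NET_CMD, TESTJOIN_TRIES, TESTJOIN_DELAY and both function names are assumptions made for the sketch.

```shell
#!/bin/sh
# Added sketch: NET_CMD, TESTJOIN_TRIES, TESTJOIN_DELAY and both function
# names are assumptions made for this example, not Samba options.
NET_CMD=${NET_CMD:-net}
TESTJOIN_TRIES=${TESTJOIN_TRIES:-5}   # how many times to run testjoin
TESTJOIN_DELAY=${TESTJOIN_DELAY:-2}   # seconds to wait between attempts

# Poll "net <mode> testjoin": the computer account can take a few seconds
# to appear after the join itself has reported success.
wait_for_testjoin() {
    tj_mode=$1
    tj_try=1
    while [ "$tj_try" -le "$TESTJOIN_TRIES" ]; do
        if "$NET_CMD" "$tj_mode" testjoin >/dev/null 2>&1; then
            return 0
        fi
        if [ "$tj_try" -lt "$TESTJOIN_TRIES" ]; then
            sleep "$TESTJOIN_DELAY"
        fi
        tj_try=$((tj_try + 1))
    done
    return 1
}

# Try an Active Directory join first, then NT4 style. Prints the mode that
# joined and verified. Returns 1 if no join worked, 2 if a join worked but
# testjoin never passed (the account state then needs a manual look).
join_and_verify() {
    jv_user=$1
    for jv_mode in ads rpc; do
        # Join output goes to stderr so stdout carries only the mode name.
        if "$NET_CMD" "$jv_mode" join -U "$jv_user" >&2; then
            if wait_for_testjoin "$jv_mode"; then
                echo "$jv_mode"
                return 0
            fi
            echo "joined via $jv_mode, but testjoin never passed" >&2
            return 2
        fi
    done
    echo "join failed in both ads and rpc modes" >&2
    return 1
}
```

A join that succeeds but never verifies returns 2 without falling back to the other mode, since the account may already have been created or overwritten under that name.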