[Samba] Kerberos Keytab Code Update in 3.0.23

Gerald (Jerry) Carter jerry at samba.org
Thu Jul 13 21:34:37 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Armstrong wrote:

>> Or I could add a switch to 'net ads join' that said 
>> "create the UPN".  I don't really want to make it
>> default behavior.  Would that be acceptable?
>
> That would be fine although if you can allow the format 
> of the hostname to be controllable that would be a bonus. I
> think allowing as much as possible to be done at the
> time the machine account is created is best.

I'll have to check on the semantic checking for
the UPN attribute. I'd rather (for safety's sake)
just give it a value:  host/${dNSHostName} attribute.
That way we know we are consistent.

> It's pretty labor intensive to have to log onto the
> Windows DC afterward and run ADSIEdit in order to achieve
> the same result that was the default before the code rewrite.

Yeah but the previous default required you to have more
rights that Windows client required so we got slammed for
that.





cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEtrxtIR7qMdg1EfYRAvi4AJ0VrM6Y1GstFg9eN4z9F1I04ChC5ACg3AyS
y8sHkxCVnMo9FyFDFDqACH8=
=Etdm
-----END PGP SIGNATURE-----


More information about the samba mailing list