[Samba] Kerberos Keytab Code Update in 3.0.23

Gerald (Jerry) Carter jerry at samba.org
Thu Jul 13 21:34:37 GMT 2006

Hash: SHA1

Scott Armstrong wrote:

>> Or I could add a switch to 'net ads join' that said 
>> "create the UPN".  I don't really want to make it
>> default behavior.  Would that be acceptable?
> That would be fine although if you can allow the format 
> of the hostname to be controllable that would be a bonus. I
> think allowing as much as possible to be done at the
> time the machine account is created is best.

I'll have to check on the semantic checking for
the UPN attribute. I'd rather (for safety's sake)
just give it a value:  host/${dNSHostName} attribute.
That way we know we are consistent.

> It's pretty labor intensive to have to log onto the
> Windows DC afterward and run ADSIEdit in order to achieve
> the same result that was the default before the code rewrite.

Yeah but the previous default required you to have more
rights that Windows client required so we got slammed for

cheers, jerry
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org


More information about the samba mailing list