[Samba] Kerberos Keytab Code Update in 3.0.23
roamdad at sonic.net
Thu Jul 20 21:48:02 GMT 2006
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Doug VanLeuven wrote:
>> Gerald (Jerry) Carter wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>> File a bug report if you believe this to be true. I'm not at 3.0.23
>>>> right now and don't have the time to try it
>>>> here. I wouldn't want to lose this. I did see a mention
>>>> they dropped support of joins from machines where
>>>> the domain differs from the realm, but haven't had time to check
>>>> this. There has been a rewrite of the
>>>> ads join code since 3.0.22.
>>> You should probably review my comments to Scott. Keytab
>>> support is being rewritten, not dropped.
>> I was saying dns domain not equal realm dropped
>> and rewrite ads join code
> No it wasn't. I run with this on a daily basis.
> Perhaps something else is attributing to your failures.
First, I'm not having failures. I was commenting information
I believed I read.
So what did you mean in this post:
> You were right. ( as usual.. )
> I had the wrong FQDN on the samba server.
> After reconfiguring my network and I got the FQDN back
> from 'hostname' the join worked as planned.
For the record, this is what WinXP does as well.
You cannot join a WinXP box to a domain using a non-admin
account if the client's FQDN is outside the AD domain.
I agree this is a change from previous Samba version,
but then previous Samba releases always required domain
admin creds to join.
Did you mean if one joins with non-admin credentials
it no longer works, but if one's credentials are
administrative it still works?
I understand previously joined machines still work.
Not trying to be a wise guy, just trying to understand.
More information about the samba