[Samba] Kerberos Keytab Code Update in 3.0.23

[Doug VanLeuven]

Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Doug VanLeuven wrote:
>> Gerald (Jerry) Carter wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Doug,
>>>
>>>> File a bug report if you believe this to be true.  I'm not at 3.0.23
>>>> right now and don't have the time to try it
>>>> here.  I wouldn't want to lose this. I did see a mention
>>>> they dropped support of joins from machines where
>>>> the domain differs from the realm, but haven't had time to check
>>>> this. There has been a rewrite of the
>>>> ads join code since 3.0.22.
>>> Doug,
>>>
>>> You should probably review my comments to Scott. Keytab
>>> support is being rewritten, not dropped.
>> I was saying dns domain not equal realm dropped
>> and rewrite ads join code
> 
> No it wasn't.  I run with this on a daily basis.
> Perhaps something else is attributing to your failures.
> 
First, I'm not having failures.  I was commenting information
I believed I read.
So what did you mean in this post:
http://marc.theaimsgroup.com/?l=samba&m=115193492903190&w=2

qoute:
 > You were right. ( as usual.. )
 > I had the wrong FQDN on the samba server.
 > After reconfiguring my network and I got the FQDN back
 > from 'hostname' the join worked as planned.

For the record, this is what WinXP does as well.
You cannot join a WinXP box to a domain using a non-admin
account if the client's FQDN is outside the AD domain.

I agree this is a change from previous Samba version,
but then previous Samba releases always required domain
admin creds to join.
endquote

Did you mean if one joins with non-admin credentials
it no longer works, but if one's credentials are
administrative it still works?

I understand previously joined machines still work.

Not trying to be a wise guy, just trying to understand.

Regards, Doug