[Samba] Samba v3.0.23c + FreeBSD 6.1 - Failed to set servicePrincipalNames
Gerald (Jerry) Carter
jerry at samba.org
Fri Nov 10 19:15:38 GMT 2006
Raj Pagaku wrote:
> Thanks Jerry for your response. It is case (b). The fqdn of the local
> machine is set to a domain outside the AD domain name and the user
> credentials being used is 'Domain User' and not a 'Domain Admin'.
>
> Do we need 'Domain Admin' if the local machine domain is outside the AD
> domain name? Is this a restriction that will be addressed in the near
> future?
This is an AD restriction on the default security assigned
to a computer object. When a non-admin is given the right
to join a specific machine to the domain, that user is only
granted validated write access to the DnsHostName and
servicePrincipalName attributes. A Windows XP box would fail
to join the domain in the same way.
This doc explains it:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/control_access_rights.asp
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
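
The restriction described in the reply above, as an added example that is not part of the original message or of Samba's code: a simplified model of the validated-write checks on dNSHostName and servicePrincipalName that a non-admin joiner is subject to. The machine name, the domain names and the `allowed_suffixes` parameter (standing in for the domain's msDS-AllowedDNSSuffixes attribute) are constructed for illustration, and domain-controller and three-part SPN cases are not modelled.

```python
"""Simplified model of AD validated writes on a computer object.

Assumption: the joining user holds only the validated-write rights, so the
directory accepts a value only if it is consistent with the machine account.
"""


def dns_host_name_ok(sam_account_name, proposed, domain_dns, allowed_suffixes=()):
    """Accept <computer>.<suffix>, where suffix is the AD domain DNS name or an
    explicitly allowed suffix (stand-in for msDS-AllowedDNSSuffixes)."""
    computer = sam_account_name.rstrip("$").lower()
    host, _, suffix = proposed.lower().partition(".")
    suffixes = {domain_dns.lower(), *(s.lower() for s in allowed_suffixes)}
    return host == computer and suffix in suffixes


def spn_ok(sam_account_name, spn, dns_host_name):
    """Accept a two-part SPN (class/host) whose host part is the machine's
    short name or its already-validated dNSHostName."""
    parts = spn.split("/")
    if len(parts) != 2 or not all(parts):
        return False
    host = parts[1].split(":")[0].lower()  # drop an optional :port
    computer = sam_account_name.rstrip("$").lower()
    return host in {computer, (dns_host_name or "").lower()}


def join_as_non_admin(sam, fqdn, domain_dns, allowed_suffixes=()):
    """Return (dNSHostName, SPNs) the joiner may set, or raise PermissionError."""
    if not dns_host_name_ok(sam, fqdn, domain_dns, allowed_suffixes):
        raise PermissionError(f"validated write rejected dNSHostName={fqdn!r}")
    spns = [f"HOST/{fqdn}", f"HOST/{sam.rstrip('$')}"]
    rejected = [s for s in spns if not spn_ok(sam, s, fqdn)]
    if rejected:
        raise PermissionError(f"validated write rejected SPNs {rejected}")
    return fqdn, spns


if __name__ == "__main__":
    # Constructed sample: AD domain ad.example.com, host FQDN in another zone.
    for fqdn in ("fbsd61.ad.example.com", "fbsd61.unix.example.net"):
        try:
            print("accepted:", join_as_non_admin("FBSD61$", fqdn, "ad.example.com"))
        except PermissionError as exc:
            print("denied:  ", exc)
```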