[Samba] Running off pre-created keytabs

[L.P.H. van Belle]

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Osipov, Michael via samba
> Verzonden: vrijdag 11 januari 2019 9:40
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Running off pre-created keytabs
> 
> 
> 
> Am 2019-01-10 um 17:02 schrieb L.P.H. van Belle via samba:
> > Hai,
> > 
> > And you are not looking for this?
> > 
> https://wiki.samba.org/index.php/Delegation/Joining_Machines_t
> o_a_Domain
> 
> That would be charming, but the company is too big that someone would 
> easily grant me that permission. I will enquire with that.
> 

If the company is too big and nobody is granting that permission.
Then it is saying more about the company ( or you, try not to be offending here) then samba. 
I'll blaim the company..  ;-) 

And in responce of. 
> While it sounds for you trivial to have an admin account, in our huge 
> new forest (Siemens and MS claim it to be the largest one on 
> the planet) 
> it is very strict about permissions after severe incident in the last 
> forest. It took us weeks to find someone who is willing to join our 
> servers once in a while. I guess this can be/is the case in 
> many large 
> companies. Morover, I will request a server which shall precreate 
> machine accounts. This will make us independent from humans, 
> but Samba 
> won't play well with that. At last, if the colleague is on 
> sick leave or 
> else and we have to reset the account for whatsoever reason, 
> we are bust!

Yes, but that a company policy problem and not a samba problem. 
Also you must understand that in my optinion this is normal a procedure.
Because else it would be very easy to put a compromizing machine in to the domain. 

So my best advice, ask for the delegation as shown in the links, if you dont get these and you dont have any other admin rights.
Then you are (a 6 letter word here... ).. 

Greetz, 

Louis