Prev: Failed to join domain: failed to set machine spn: Constraint violation
Next: Question re: samba 4 feature set
From: Volker Lendecke on 16 Dec 2008 07:50
On Tue, Dec 16, 2008 at 06:36:24AM -0600, Gerald (Jerry) Carter wrote:
> > Failing is the right thing to do in an MS-DNS/AD-Integrated
> > environment, however for non-MS DNS environments disabling is
> > going to be cleaner.
>
> Failing is the right thing to do period because without setting
> the attributes you can't do Krb5 auth. Maybe you should be using
> "security = domain" instead.

That together with "winbind rpc only = yes" from 3.2. I can
provide a patch for earlier versions if needed.

Volker
From: Gerald (Jerry) Carter on 16 Dec 2008 08:10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Green wrote:
> Cross-wires (.....)
>
> AD record update (SPN or DNS) failing absolutely the right thing to do ... no question.
>
> DDNS Fail - disable option would be good ... only
> talking about this... not the AD bit...


Ahh..ok. gotcha. Sorry for the misfire.





jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJR6a0IR7qMdg1EfYRAq2KAJ9t02IzDFmKrFZMWCLZ1HJ5VBv3+gCgmLXm
2NC0Ro4ZNnZxa+lZ2rlWHTg=
=fs9X
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
From: Gerald (Jerry) Carter on 16 Dec 2008 09:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Green wrote:
> :)... so command-line or config option do'able?

Yeah. I'll see what I can do. Command line option probably.

$ net ads join --disable-dns-update

Look ok ? If so, I'll see if I can find some time real soon now.




cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJR7KmIR7qMdg1EfYRAssTAKCgx2OqfjhnpJnbIwC1fu1tZJ9wVQCfT5Sc
ZnickQA8ime2Xe6WN0Fozcc=
=PvJ5
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
From: Gerald (Jerry) Carter on 16 Dec 2008 09:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Green wrote:
> Looks fine... :)... chances this makes it into the main stream
> for vendor adoption?

Yeah. I don't do anything that doesn't go upstream. Unless it is
really ugly.




cheers, jerry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJR7QtIR7qMdg1EfYRAipNAJ9LYaQJH0/CqPOpiWyadWjx2/xWvwCfSjkN
ziAIVy4R/wsC/w7Wj03CwvY=
=Q/R3
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
First  |  Prev  | 
Pages: 1 2
Prev: Failed to join domain: failed to set machine spn: Constraint violation
Next: Question re: samba 4 feature set