Hey Brandon. How are you?
Just taking a guess but I would start with Change Password
since kpasswd I believe takes the old and new passwords right? You might want to
touch bases with Slav (see Vern) as he might know for sure having played with
that stuff for a couple of years to kerberize UX and Solaris. I recall there was
a join issue that was encountered that necessitated re-looking at the
permissions delegated to the machine accounts even for Windows joins from what
was previously assigned. Joining the SAN devices was always a pain in the rear
and I recall it had to be done by DA there for a bit but the vendors were
supposed to fix that. Again, ping Vern.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernier, Brandon (.)
Sent: Wednesday, January 11, 2006 3:27 PM
To: [email protected]
Subject: [ActiveDir] Rights needed for...
Does anyone know what rights are acutally used during a join to perform the kpasswd function on the computer object? This doesn't really affect windows host since the traces (at least in my environment) shows them using NTLM for the password change.
I'm told "Reset Password" should be it, but that’s only on the NTLM side… Any suggestions are very much appreciated. Thanks in advance!
-Brandon
