On Tue, 2003-02-11 at 09:06, Antti Andreimann wrote: > Hi! > > I have done some changes to enable users w/o full administrative access on > computer accounts to join a computer into AD domain. > > The patch and detailed changelog is available at: > http://www.itcollege.ee/~aandreim/samba > > This is a list of changes in general: > > 1. When creating machine account do not fail if SD cannot be changed. > setting SD is not mandatory and join will work perfectly without it.
This would also be useful in making life easier for early AD-replacement efforts. > 2. Implement KPASSWD CHANGEPW protocol for changing trust password so > machine account does not need to have reset password right for itself. Now I see what you were trying to say on IRC. Yes, this looks very useful! > 3. Command line utilities no longer interfere with user's existing > kerberos ticket cache. > 4. Command line utilities can do kerberos authentication even if > username is specified (-U). Initial TGT will be requested in this case. Nice! > 5. new "local realms" global configuration option for situations where You > need to map users from more than one realm. This is useful for > situations where ADS is configured to trust an external kerberos server > and all kerberos users are duplicated in AD. I'm not quite convinced about this. I'm quite willing (but see below) to apply the rest of this patch, but I'll need a good explanation of what this patch does. > The patch is against CVS version as of 04.02.2003 and has been alpha tested > (a clean RPM build, multiple joins and host pwd changes). > I would be grateful if somebody authorized to do CVS commits can review my > patch and incorporate it into sambas' code. We need patches to be against current CVS - the patch does not apply cleanly at present. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part