On 9/10/2010 9:04 PM, Nicholas Betcher wrote:
Hello, When I attempt to join the domain using YaST (openSUSE's system configuration tool) or 'net join DOMAIN,' it prompts me for a network admin's username/password. The IT network admin already manually joined the machine to the network's AD domain (server-side), but Samba still needs a username/password. The workstations are batch-installs and are unattended, so we need a way to allow the machine to authenticate users without providing the admin password each time. So my question is: why does Samba ask for a network username/password even though the machine was already manually joined by the network admin to the AD domain server? Is there a way to circumvent this while preserving the workstation's ability to authenticate network users?
Part of the join is to setup the shared secrets between AD and the machine. (password on computer account in AD, and a krb5.keytab on the Unix side.) You said the AD admin did the server side, with the batch-installs being done at a different time. This would indicate that the install needs a way of using the same password the admin assigned to the computer account to create a krb5.keytab or, as it looks like in your situation, the batch-install want to reset the password and create a matching krb5.keytab file but this then requires AD admin authority.
P.S. Yes, I did post about this already - and received no reply - but hopefully this email has less erroneous information. Thanks! Nick Betcher
-- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
