-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ephi Dror wrote:
> In particular, of course is the "userPrincipalName" > which is used by winbindd. What version are you running ? Current versions of winbindd (3.0.23+) do not use the UPN for obtaining the TGT since we do not create that attribute by default when joining the domain any more. We are only guaranteed that the sAMAccountName attribute exists. > As you can see below, one system missing some info and > the other system missing other info. > > I quickly used ldapmodify command to add the missing > info that I expected SAMBA to do when it joined > the domain and things started to work as a Swiss Watch. > > I would appreciate if anyone have any idea for the following: > 1. Why not all attributes SAMBA wanted to add at ads_ > add_machine_acct() was actually added? Was it > something wrong with my AD? My guess is that you are working with either an old machine object or an older version of Samba. there is no need for the UPN unles you justr have to 'kinit -k' working from a keytab file. > 2. Why I did not get any warning that things were not > fully written to AD or not fully at the AD already? See above. > 3. Why not failing the join domain if the info is not there, I mean > winbindd can't possibly continue without for example having > "userPrincipalName" in the computer object. Not true. btw...if you are mising the SPN attribute clients will never be able to obtain a service ticket for our Samba host. cheers, jerry ===================================================================== Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE72Q5IR7qMdg1EfYRAvW3AKCnUxP6etF81epfIs/HkpR7s/qdSgCfRLt4 BavcXbMKhtu+xYoCzgknZ0E= =4YUJ -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
