> -----Original Message-----
> From: Nicolas Williams [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 03, 2008 5:38 PM
> To: Natalie Li
> Cc: Leopold, Corey; [email protected]
> Subject: Re: [storage-discuss] B85 CIFS - Active Directory - Kerberos
>
> On Thu, Apr 03, 2008 at 03:40:13PM -0700, Natalie Li wrote:
> > The smbadm CLI does create the computer account with
> > servicePrincipalName attribute. See the following output of the
> dsquery:
>
> But it didn't for me; did I do something wrong? Corey, what about
your
> case?
Not there, I also checked a previous account created with b79a and not
on that one either. See full listing Below...
I do have a secondary question though... Shouldn't CIFS shares also be
checking this host principal, and fail authentication if it is
non-existent? My understanding is that these keys prevent man in the
middle attacks?
Corey
C:\Documents and Settings\administrator>dsquery * cn=xxx,cn=comp
uters,dc=xxx,dc=com -scope base -attr *
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: xxx
distinguishedName: CN=xxx,CN=Computers,DC=xxx,DC=com
instanceType: 4
whenCreated: 03/27/2008 16:59:34
whenChanged: 03/27/2008 16:59:35
uSNCreated: 500216
uSNChanged: 500224
name: xxx
objectGUID: {6C3E6601-EB99-44D8-84A2-00985F6FC9BF}
userAccountControl: 593920
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 128517697893488678
localPolicyFlags: 0
pwdLastSet: 128511107748403829
primaryGroupID: 515
objectSid: S-1-5-21-1651275576-3096177869-2280500612-1636
accountExpires: 9223372036854775807
logonCount: 34
sAMAccountName: xxx$
sAMAccountType: 805306369
operatingSystem: Windows NT
operatingSystemVersion: 4.0
userPrincipalName: host/[EMAIL PROTECTED]
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=xxx,DC=com
isCriticalSystemObject: FALSE
ADsPath: LDAP://xxx.xxx.com/cn=xxx,cn=computers,dc=xxx,d
c=com
_______________________________________________
storage-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
