Leopold,

This fix will be available in B88.

Regards,
Natalie

Natalie Li wrote:
>I've filed the following CR:
>
>6684686 smbadm join CLI doesn't always create all the necessary attributes in
>a system's AD computer object
>
>The smbadm join CLI does create the computer object with the
>servicePrincipalName, along with other attributes. Unfortunately, the
>NETLOGON credential chain establishment, which happens after the
>creation of the computer object and ksetpw operation, has occasionally
>reset the servicePrincipalName and dNSHostName attributes of the object.
>
>Regards,
>
>Natalie
>
>Leopold, Corey wrote:
>
>>>-----Original Message-----
>>>From: Nicolas Williams [mailto:[EMAIL PROTECTED]
>>>Sent: Thursday, April 03, 2008 5:38 PM
>>>To: Natalie Li
>>>Cc: Leopold, Corey; [email protected]
>>>Subject: Re: [storage-discuss] B85 CIFS - Active Directory - Kerberos
>>>
>>>On Thu, Apr 03, 2008 at 03:40:13PM -0700, Natalie Li wrote:
>>>
>>>>The smbadm CLI does create the computer account with
>>>>servicePrincipalName attribute. See the following output of the
>>>>dsquery:
>>>
>>>But it didn't for me; did I do something wrong? Corey, what about your
>>>case?
>>
>>Not there, I also checked a previous account created with b79a and not
>>on that one either. See full listing Below...
>>
>>I do have a secondary question though... Shouldn't CIFS shares also be
>>checking this host principal, and fail authentication if it is
>>non-existent? My understanding is that these keys prevent man in the
>>middle attacks?
>>
>>Corey
>>
>>C:\Documents and Settings\administrator>dsquery * cn=xxx,cn=computers,dc=xxx,dc=com -scope base -attr *
>>objectClass: top
>>objectClass: person
>>objectClass: organizationalPerson
>>objectClass: user
>>objectClass: computer
>>cn: xxx
>>distinguishedName: CN=xxx,CN=Computers,DC=xxx,DC=com
>>instanceType: 4
>>whenCreated: 03/27/2008 16:59:34
>>whenChanged: 03/27/2008 16:59:35
>>uSNCreated: 500216
>>uSNChanged: 500224
>>name: xxx
>>objectGUID: {6C3E6601-EB99-44D8-84A2-00985F6FC9BF}
>>userAccountControl: 593920
>>badPwdCount: 0
>>codePage: 0
>>countryCode: 0
>>badPasswordTime: 0
>>lastLogoff: 0
>>lastLogon: 128517697893488678
>>localPolicyFlags: 0
>>pwdLastSet: 128511107748403829
>>primaryGroupID: 515
>>objectSid: S-1-5-21-1651275576-3096177869-2280500612-1636
>>accountExpires: 9223372036854775807
>>logonCount: 34
>>sAMAccountName: xxx$
>>sAMAccountType: 805306369
>>operatingSystem: Windows NT
>>operatingSystemVersion: 4.0
>>userPrincipalName: host/[EMAIL PROTECTED]
>>objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=xxx,DC=com
>>isCriticalSystemObject: FALSE
>>ADsPath: LDAP://xxx.xxx.com/cn=xxx,cn=computers,dc=xxx,dc=com

_______________________________________________
storage-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
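
A post-join check for the condition described in this thread, as an added example that is not part of the original messages or of the smbadm code: it parses `dsquery ... -attr *` output (mail-quote markers tolerated) and reports which of servicePrincipalName and dNSHostName are absent from the computer object. The function names are hypothetical, the first sample is an abbreviated copy of the listing posted above, and the extra values in the second sample are constructed.

```python
import re

# Attributes the thread says the join should leave on the computer object.
REQUIRED = ("servicePrincipalName", "dNSHostName")

def parse_dsquery(text):
    """Parse 'dsquery * <dn> -scope base -attr *' output into {attr: [values]}."""
    attrs = {}
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw)   # drop mail-quote markers, if any
        name, sep, value = line.partition(": ")
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", name):
            continue                          # prompt line, blank line, residue
        # LDAP attribute names are case-insensitive; attributes may repeat.
        attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs

def missing_attributes(text, required=REQUIRED):
    """Return the required attributes that are absent or empty in the listing."""
    attrs = parse_dsquery(text)
    return [a for a in required if not any(attrs.get(a.lower(), []))]

# Abbreviated copy of the listing posted in the thread (still mail-quoted).
POSTED_LISTING = r"""
>>C:\Documents and Settings\administrator>dsquery * cn=xxx,cn=computers,dc=xxx,dc=com -scope base -attr *
>>objectClass: user
>>objectClass: computer
>>cn: xxx
>>sAMAccountName: xxx$
>>userPrincipalName: host/[EMAIL PROTECTED]
"""

# Constructed sample: the same object with the two attributes present.
CONSTRUCTED_OK = POSTED_LISTING + (
    ">>dNSHostName: xxx.xxx.com\n"
    ">>servicePrincipalName: host/xxx.xxx.com\n"
    ">>servicePrincipalName: host/xxx\n"
)

if __name__ == "__main__":
    for label, listing in (("posted", POSTED_LISTING), ("constructed", CONSTRUCTED_OK)):
        gaps = missing_attributes(listing)
        print(label, "MISSING: " + ", ".join(gaps) if gaps else "ok")
```
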
