For a variety of reasons, our Redhat 6 boxes have primary DNS FQDNs that
don't match our Win2008r2 AD deployment... the Linux boxes being in a
variety of <hostname>.<subdomain>.<ourdomain> while the AD is
ds.<ourdomain>. This surprisingly doesn't cause us that much grief, so
long as we're diligent about keeping our servicePrincipalNames
maintained on the computer accounts in AD.
I'm working on a script, patterned after Sun's "adjoin.sh", that
automatically register and join our Redhat boxes to the domain. It
creates the machine account via LDAP, and then joins the domain using
"net ads join", and I let Samba generate the /etc/krb5.keytab.
Unfortunately, even if I pre-populate the servicePrincipalName when
creating the machine account, "net ads join" will go in and replace it,
putting in only the SPN corresponding to the domain and removing the
HOST/<hostname>.<FQDN> already in there. Is there any way to tell Samba
to leave that alone, or to include some extra SPNs? AD won't let me
repair the SPNs afterward via LDAP calls.
Redhat 6 comes with Samba 3.5.6 by default, it seems.
As an alternative, I can "join" the machine to the domain myself, using
kpasswd and ktutil to generate krb5.keytab. How essential is it that
Samba do it itself? What "extras" get done?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
