On Mon, 2011-11-21 at 14:01 +0100, Ondrej Valousek wrote:
On 11/21/2011 01:34 PM, John Hodrien wrote:
> Do you want it maintained or merely created correctly in the first place?
>
> If you're joining with AD, couldn't you do:
>
> net ads join osName=CentOS osVer=6
>
Ok, I did not know about that one (also no mention about it in "man
net"). So thanks.
Perhaps having it created (via the "net" command) would be easier to
implement right now but it have disadvantages (attribute won't change
as I update the system).
Centrify does this this way:
[ondrejv@ara /]$ cat /etc/redhat-release
Red Hat Enterprise Linux Client release 5.6 (Tikanga)
is parsed as:
OperatingSystem = Red Hat Enterprise Linux Client
OperatingSystemVersion = 5.6 (Tikanga)
OperatingSystemServicePack = CentrifyDC 4.3.0 -- here we could
possibly have something like Samba 3.6 or SSSD 1.8 or something like
that
All attributes are arbitrary strings.
Summary:
- I do not know whose responsibility would this be (if sssd or samba)
or how happily would this RFE be accepted (thanks Stephen for the
offer) so I wanted to discuss here before submitting a RFE
- I would also like to see something like this in the pure IPA domains
if possible
- also question if it is easier to have attributes above
created/updated upon machine join or if it is OK to maintain it
updated on-the-fly.
The problem with having this updated on-the-fly is that it implies (by
necessity) that client applications have to have privilege to change
this at whim. That means that this information cannot be used as
authoritative (since the client could very possibly be lying about
this). I think it's probably better to rely on setting it at join time
with 'net ads' and then only allow it to be changed by an administrator
later.