On Mon, 2011-11-21 at 17:27 +0100, Ondrej Valousek wrote:
On 11/21/2011 04:47 PM, Marko Myllynen wrote:
> when you operate as the user who has privileges to join machines to the
> domain you can also do direct modifications of those hosts' LDAP
> attributes. However, if you have only the privileges of the principal
> from the host keytab, you don't have permissions to change the machine
> attributes.
Thanks for this update - I was too lazy to check myself :-)
This leaves us with the single option - set the attributes upon the
client join time using admin privileges, right?
If so against which component should I submit the RFE, against samba
or sssd?
I think I have heard the 'net' command is going to be a part of the
sssd package in the future, but I might be wrong....
File it against samba. The 'net' command is always going to remain a
part of samba/winbind. SSSD might pull it in at some point, but it will
be a dependency, not an internal component.