On 11/21/2011 04:47 PM, Marko Myllynen wrote:
when you operate as the user who has privileges to join machines to
the
domain you can also do direct modifications of those hosts' LDAP
attributes. However, if you have only the privileges of the principal
from the host keytab, you don't have permissions to change the machine
attributes.
Thanks for this update - I was too lazy to check myself :-)
This leaves us with the single option - set the attributes upon the client join time using
admin privileges, right?
If so against which component should I submit the RFE, against samba or sssd?
I think I have heard the 'net' command is going to be a part of the sssd package
in the future, but I might be wrong....
Ondrej