This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 224091 - Support creation of AD/NT domain computer accounts
Support creation of AD/NT domain computer accounts
Status: ASSIGNED
Product: Fedora
Classification: Fedora
Component: authconfig (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
bzcl34nup
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-23 19:42 EST by Rudi Chiarito
Modified: 2008-05-01 11:39 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Rudi Chiarito 2007-01-23 19:42:48 EST
Description of problem:
Integration into existing Windows networks would be easier if we had a way to
create a computer account as part of the installation process. Right now this
needs to be done manually after the installation, using Samba's net command.

An interactive option at installation time or a kickstart option would be ideal.
The problem with the latter is that AD requires a valid Kerberos ticket, which
in turn means having someone entering a password so that their credentials can
be then passed around. This is not impossible to achieve (if the user can get
forwardable tickets); it mostly requires a mechanism to be established for this
kind of things. One option would be to pass the user ticket through the
kickstart server onto the machine being installed; another would be for the
account to be created by the kickstart server, which would then pass the
computer credentials. In either case, there would need to be a way to keep the
process secure.

The above could be scripted somehow in the post-installation stage, but I have
the feeling that solving the problem once for all would be more effective than
having everyone reinvent the wheel again and again - poorly or at least in a
half-baked fashion.
Comment 1 Jeremy Katz 2007-01-29 14:52:09 EST
authconfig needs to be able to handle this before anaconda can even think about
it.  We use authconfig pretty much everywhere for setting this stuff up.
Comment 2 Bug Zapper 2008-04-04 01:42:46 EDT
Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers

Note You need to log in before you can comment on or make changes to this bug.