Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 224091 - Support creation of AD/NT domain computer accounts
Summary: Support creation of AD/NT domain computer accounts
Keywords:
Status: ASSIGNED
Alias: None
Product: Fedora
Classification: Fedora
Component: authconfig
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: bzcl34nup
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-01-24 00:42 UTC by Rudi Chiarito
Modified: 2018-03-22 20:33 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Rudi Chiarito 2007-01-24 00:42:48 UTC
Description of problem:
Integration into existing Windows networks would be easier if we had a way to
create a computer account as part of the installation process. Right now this
needs to be done manually after the installation, using Samba's net command.

An interactive option at installation time or a kickstart option would be ideal.
The problem with the latter is that AD requires a valid Kerberos ticket, which
in turn means having someone entering a password so that their credentials can
be then passed around. This is not impossible to achieve (if the user can get
forwardable tickets); it mostly requires a mechanism to be established for this
kind of things. One option would be to pass the user ticket through the
kickstart server onto the machine being installed; another would be for the
account to be created by the kickstart server, which would then pass the
computer credentials. In either case, there would need to be a way to keep the
process secure.

The above could be scripted somehow in the post-installation stage, but I have
the feeling that solving the problem once for all would be more effective than
having everyone reinvent the wheel again and again - poorly or at least in a
half-baked fashion.

Comment 1 Jeremy Katz 2007-01-29 19:52:09 UTC
authconfig needs to be able to handle this before anaconda can even think about
it.  We use authconfig pretty much everywhere for setting this stuff up.

Comment 2 Bug Zapper 2008-04-04 05:42:46 UTC
Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers


Note You need to log in before you can comment on or make changes to this bug.