From Kaushik: However, what I am missing is something similar to: net ads join createupn=host/dhcp201-126.englab.pnq.redhat.com@SSSDAD.COM -U Administrator Other than DHCP201-126$ no other principals are created on the AD Server. That means other principals existing in the keytab are of no use unless they are separately created. The keytab has the following entries: # klist -k Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 host/dhcp201-126.englab.pnq.redhat.com@SSSDAD.COM 2 host/dhcp201-126.englab.pnq.redhat.com@SSSDAD.COM 2 host/dhcp201-126.englab.pnq.redhat.com@SSSDAD.COM 2 host/dhcp201-126.englab.pnq.redhat.com@SSSDAD.COM 2 host/dhcp201-126.englab.pnq.redhat.com@SSSDAD.COM 2 host/dhcp201-126@SSSDAD.COM 2 host/dhcp201-126@SSSDAD.COM 2 host/dhcp201-126@SSSDAD.COM 2 host/dhcp201-126@SSSDAD.COM 2 host/dhcp201-126@SSSDAD.COM 2 DHCP201-126$@SSSDAD.COM 2 DHCP201-126$@SSSDAD.COM 2 DHCP201-126$@SSSDAD.COM 2 DHCP201-126$@SSSDAD.COM 2 DHCP201-126$@SSSDAD.COM It will be useful, if realmd is capable of adding the principals that are there in the keytab or have an option to add a customized principal in the AD Server.
Created attachment 77811 [details] [review] adcli: Streamline how extra account attributes are updated
Created attachment 77812 [details] [review] Add --user-principal argument for joining domains
Created attachment 77813 [details] [review] adcli: Add --user-principal argument for joining domains
(In reply to comment #0) > From Kaushik: > > However, what I am missing is something similar to: > net ads join createupn=host/dhcp201-126.englab.pnq.redhat.com@SSSDAD.COM > -U Administrator > > Other than DHCP201-126$ no other principals are created on the AD > Server. That means other principals existing in the keytab are of no use > unless they are separately created. Well they're useful as service principals, not user principals. But regardless I agree with this feature request.
Created attachment 77824 [details] [review] Add the user-principal option and setting
Yassir, the realmd patch (last one) above, is ready for review, when you get a chance.
Created attachment 77843 [details] [review] Add the user-principal option and setting
Created attachment 77882 [details] [review] Add the user-principal option and setting Updated to make this a realm specific option, rather than global.
Attachment 77882 [details] pushed as d2846c0 - Add the user-principal option and setting
Pushed adcli patches. This timed out for review. But would like to get this tested on the test day, so reviewed, tested and fixed up documentation. Test like this: https://fedoraproject.org/wiki/QA:Testcase_realmd_join_upn
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.