Jerry, opening a bug as the sniffs are too large for the mailing list Just tried the new ADS join code against Windows 2000. In my domain creating a workstation with ACB_PWNOEXP fails with NT_STATUS_INVALID_PARAMETER, see invalid.cap. Removing that parameter I get a lot further but I still get an error message: delphin:~ # net ads join -U administrator%geheim Using short domain name -- W2000AD Failed to set servicePrincipalNames. Only NTLM authentication will be possible. Joined 'DELPHIN' to realm 'W2KAD.W2K3AD.ORG' Apparently I can't set dNSHostName in this domain. See success.cap.
Created attachment 1899 [details] with pw_noexp
Created attachment 1900 [details] failing to set dNSHostName
Win2k gets the same failure when the server's fqdn is outside of the Windows domain. WinXP gets around this by simply removning the 1.2.840.113556.1.4.1413 control from the modify. I'll reproduce your test and code up a patch. Thanks for the testing.
closing