Commit d7b99a5

utils/join-linux-to-AD.sh: update default smb.conf according to net(8)

with samba-common 4.21 we have to use 'sync machine password to keytab' to generate keytab entry like 'computer$@realm'
---
'''
sync machine password to keytab (G)
This option allows you to describe what keytabs and how should be updated when machine account is changed via one of these commands:
wbinfo --change-secret
rpcclient --machine-pass -c change_trust_pw
net rpc changetrustpw
net ads changetrustpw
or by winbindd doing regular updates (see machine password timeout)
The option takes a list of keytab strings to describe how to synchronize content of those keytabs or a single 'disabled' value to disable the synchronization. Each string has this form:
absolute_path_to_keytab:spn_spec[:sync_etypes][:sync_kvno][:netbios_aliases][:additional_dns_hostnames][:machine_password]
where spn_spec can have exactly one of these four forms:
- account_name
- sync_spns
- spn_prefixes=value1[,value2[...]]
- spns=value1[,value2[...]]
No other combinations are allowed.
Specifiers:
- account_name - creates entry using principal 'computer$@realm'.
- sync_spns - uses principals received from AD DC.
- spn_prefixes - creates principals from the prefixes and adds netbios_aliases or additional_dns_hostnames if specified.
- spns - creates only the principals defined in the list.
'''
Signed-off-by: Jianhong Yin <[email protected]>
1 parent ee164d5 commit d7b99a5

1 file changed

+2
-1
lines changed

utils/join-linux-to-AD.sh

@@ -292,10 +292,11 @@ workgroup = $AD_DS_NETBIOS
292292
client signing = yes
293293
client use spnego = yes
294294
kerberos method = secrets and keytab
295-
password server = $AD_DC_FQDN
296295
realm = $AD_DS_NAME
297296
netbios name = $HOST_NETBIOS
298297
security = ads
298+
#password server = $AD_DC_FQDN
299+
sync machine password to keytab = /etc/krb5.keytab:account_name:machine_password
299300
EOFL
300301
run "cat $SMB_CONF"
301302
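Review bot: the added line `sync machine password to keytab = /etc/krb5.keytab:account_name:machine_password` is written into every generated smb.conf, although the commit message ties the need for it to samba-common 4.21. Consider emitting it only when the installed Samba is 4.21 or later, so that hosts with an older Samba do not get a parameter they do not recognise. The entry also uses only the `account_name` form, which by the quoted man page text creates just the 'computer$@realm' principal; if anything on the joined host expects service principals in /etc/krb5.keytab, a second keytab string using `sync_spns` or `spns=` would be needed, and that is worth stating in a comment next to this line. Finally, `#password server = $AD_DC_FQDN` is left in the heredoc as a commented-out setting with no explanation: either delete it or add a short comment saying why DC discovery is now left to Samba, so the generated config does not carry an unexplained dead line.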
