Samba4 TP5 as PDC with Win2k3 as BDC

Frank Gruman fgatwork at verizon.net
Tue Jun 12 03:58:59 GMT 2007


Hello all,

I've got a home network with 3 Windows machines and 4 Linux machines.
Rather than take up valuable work time playing with Samba 4, I am trying
to set up some different scenarios at home...

My first scenario was a Samba 4 PDC standalone.  This worked ok, but I
had some issues with speed of logins and general user maintenance.  But
it was GREAT for a pre-Alpha product.

The second scenario is where I am stuck - Samba 4 PDC with Win2k3 BDC.
I currently receive the following error when I try to create the server
as a BDC:

        Failed to modify SPNs on
        cn=brokenbox,cn=computers,dc=myhome,dc=int: kludge_acl_change:
        attempted database modify not permitted. User MYHOME\BROKENBOX$
        is not SYSTEM or an administrator
        EPOLL_CTL_ADD failed (Bad file descriptor) - falling back to
        select()
        EPOLL_CTL_ADD failed (Bad file descriptor) - falling back to
        select()
        EPOLL_CTL_ADD failed (Bad file descriptor) - falling back to
        select()
        
The Windows server name is brokenbox and begins this process as a
non-domain server.  My Samba4 PDC is running on openSUSE 10.3 Alpha 4+.
I am logging in with the domain administrator account.  After the
installation has failed the server then belongs to the domain, but not
as a BDC.  If I start the wizard again, it performs the same steps and
fails with the same error.

I looked in the code and found the calling procedure
(samba4/source/dsdb/samdb/ldb_modules/kludge_acl.c)

        static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req)
        {
        	enum user_is user_type = what_is_user(module);
        	switch (user_type) {
        	case SYSTEM:
        	case ADMINISTRATOR:
        		return ldb_next_request(module, req);
        	default:
        		ldb_asprintf_errstring(module->ldb,
        				       "kludge_acl_change: "
        				       "attempted database modify not permitted. "
        				       "User %s is not SYSTEM or an administrator",
        				       user_name(req, module));
        		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
        	}
        }

And I can trace this back to how and where in the code you are setting
the user_type.  The part I don't understand is how / where does the
value for user_is change from the domain username to the new machine
account?

Any help would be much appreciated.

Regards,
Frank
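
Added example, not part of the original post and not Samba source code: a small C model of the gate quoted above. The error text shows the modify arriving on a session bound as BROKENBOX$, so the coarse rule rejects it whatever the target is. `self_spn_gate`, the `USER` class and the name-matching helper are hypothetical and go beyond the post, showing a narrower rule that lets a machine account change only the servicePrincipalName of its own object.

```c
/* Simplified model of the gate quoted above; not Samba source code. */
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* SYSTEM and ADMINISTRATOR appear in the post; USER is an assumed third class. */
enum user_is { USER, ADMINISTRATOR, SYSTEM };

struct session { const char *account; enum user_is type; };  /* who bound */
struct modify  { const char *dn; const char *attr; };        /* what is changed */

/* Coarse rule from the post: the target of the modify is never consulted. */
int coarse_gate(const struct session *s, const struct modify *m)
{
    (void)m;
    return s->type == SYSTEM || s->type == ADMINISTRATOR;
}

/* Hypothetical helper: does "cn=<name>,..." name the account "<NAME>$"?
 * Name matching keeps the model short; a real check would compare SIDs. */
static int is_own_computer_object(const struct session *s, const char *dn)
{
    size_t n = strlen(s->account);
    if (n < 2 || s->account[n - 1] != '$')
        return 0;
    n--;  /* drop the trailing '$' of the machine account name */
    return strncasecmp(dn, "cn=", 3) == 0 &&
           strncasecmp(dn + 3, s->account, n) == 0 && dn[3 + n] == ',';
}

/* Narrower rule: a machine account may change only the SPNs of its own object. */
int self_spn_gate(const struct session *s, const struct modify *m)
{
    if (coarse_gate(s, m))
        return 1;
    return is_own_computer_object(s, m->dn) &&
           strcasecmp(m->attr, "servicePrincipalName") == 0;
}

int main(void)
{
    struct session box = { "BROKENBOX$", USER };  /* constructed sample values */
    struct modify spn = { "cn=brokenbox,cn=computers,dc=myhome,dc=int",
                          "servicePrincipalName" };
    struct modify other = { "cn=otherbox,cn=computers,dc=myhome,dc=int",
                            "servicePrincipalName" };
    printf("coarse=%d self=%d other=%d\n", coarse_gate(&box, &spn),
           self_spn_gate(&box, &spn), self_spn_gate(&box, &other));
    return 0;
}
```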
