[PATCH 1/2] Set os attribute and version during domain join

Matthew Geddes musicalcarrion at gmail.com
Tue Mar 20 18:58:18 GMT 2007


Kenneth MacDonald wrote:
>>>>>> "Matthew" == Matthew Geddes <musicalcarrion at gmail.com> writes:
>>>>>>             
>     Matthew> Information, so perhaps binding to the LDAP tree using
>     Matthew> the machine account credentials might work. If that's the
>     Matthew> case, perhaps moving your patch from the net command to
>     Matthew> winbindd's startup code might work (and allow us to
>     Matthew> dynamically update those records based on the output of
>     Matthew> things like uname each time we start).
>
> MS  Windows  clients   update  these  fields  themselves  dynamically,
> presumably at startup,  so doing so during winbindd's  startup code is
> better.
>
> We also use minimal rights to join to existing computer accounts, and
> would prefer it if these attributes were updated using the computer
> account, rather than the user account used to join the domain.
>   

I've just added some crude test code to winbindd that attempts to 
modify/replace operatingSystem and operatingSystemVersion using the 
machine's credentials. I bind as host$ (which wireshark suggests 
succeeds). I then do a search for my computer account to find the DN, 
which is returned fine. I attempt a modify, but get back an 
INSUFF_ACCESS_RIGHTS message. The data in the packet, and the 
tracewrites indicate that the attributes are all correct (no stupid 
data/termination problems due to sleep-coding).

Does anyone have a packet capture of Windows updating these attributes 
in Active Directory?

thx,
Matt



More information about the samba-technical mailing list