[PATCH 1/2] Set os attribute and version during domain join
Matthew Geddes
musicalcarrion at gmail.com
Tue Mar 20 18:58:18 GMT 2007
Kenneth MacDonald wrote:
>>>>>> "Matthew" == Matthew Geddes <musicalcarrion at gmail.com> writes:
>>>>>>
> Matthew> Information, so perhaps binding to the LDAP tree using
> Matthew> the machine account credentials might work. If that's the
> Matthew> case, perhaps moving your patch from the net command to
> Matthew> winbindd's startup code might work (and allow us to
> Matthew> dynamically update those records based on the output of
> Matthew> things like uname each time we start).
>
> MS Windows clients update these fields themselves dynamically,
> presumably at startup, so doing so during winbindd's startup code is
> better.
>
> We also use minimal rights to join to existing computer accounts, and
> would prefer it if these attributes were updated using the computer
> account, rather than the user account used to join the domain.
>
I've just added some crude test code to winbindd that attempts to
modify/replace operatingSystem and operatingSystemVersion using the
machine's credentials. I bind as host$ (which wireshark suggests
succeeds). I then do a search for my computer account to find the DN,
which is returned fine. I attempt a modify, but get back an
INSUFF_ACCESS_RIGHTS message. The data in the packet, and the
tracewrites indicate that the attributes are all correct (no stupid
data/termination problems due to sleep-coding).

Does anyone have a packet capture of Windows updating these attributes
in Active Directory?

thx,
Matt