[PATCH 1/2] Set os attribute and version during domain join
Matthew Geddes
musicalcarrion at gmail.com
Wed Mar 21 17:49:52 GMT 2007
Gerald (Jerry) Carter wrote:
>>> Yup. Just checked. But only OS Name and Version.
>>> Not Service Pack. And the update only happens on
>>> reboot which implies that it occurs when the machine
>>> uses its trust account to contact the DC.
>>>
>> Did you get any packets? :-)
>>
>
> Nope. :-) I've got about four things in the hopper right
> now. I'll get a trace once I can clear the 3.0.25pre2 release
> off my plate. Probably will be tomorrow.
No worries. I'm happy to take this one over, if you like. I've already
spent time looking at it and I think we're both heading in the same
direction. I'll keep the list informed with my progress, so if you have
a chance to answer questions and offer suggestions/abuse, that'd be
great. :-)
I reproduced the same scenario and grabbed some packet captures. I've
attached them both, as they're only 20k each. Hope that's OK. Here's
exactly how I reproduced it:
- Make sure that the NT machine didn't have an account in the domain
(controlled by a single 2k3 host)
- Start capturing traffic on the DC. It's all in VMWare with only two
hosts started, so there should only be relevant packets in the captures.
- Join NT machine to the domain using a user called domadd which is a
normal user that also sports SeMachineAccountPrivilege
- Stop the capture and save it (NTServerJoin2K3.pcap)
- confirm that the machine account in Active Directory doesn't have
the OS or OS Version attributes set
- Reboot the NT machine (NT Server 4.0 SP6-something)
- Capture packets from the DC
- Confirm existence of attributes in AD object
- Stop and save capture (NTServerBootAfterJoin2K3.pcap)
I haven't looked at these yet, but thought I'd provide them early in
case anyone else is interested at all. :-)
thx,
Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NTServerBootAfterJoin2K3.pcap
Type: application/octet-stream
Size: 20341 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070321/60acffa9/NTServerBootAfterJoin2K3.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NTServerJoin2K3.pcap
Type: application/octet-stream
Size: 20164 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070321/60acffa9/NTServerJoin2K3.obj
More information about the samba-technical
mailing list