[PATCH 1/2] Set os attribute and version during domain join

Matthew Geddes musicalcarrion at gmail.com
Wed Mar 21 17:49:52 GMT 2007


Gerald (Jerry) Carter wrote:
>>> Yup.  Just checked.   But only OS Name and Version.
>>> Not Service Pack.  And the update only happens on
>>> reboot which implies that it occurs when the machine
>>> uses its trust account to contact the DC.
>>>       
>> Did you get any packets? :-)
>>     
>
> Nope.  :-)  I've got about four things in the hopper right
> now.  I'll get a trace once I can clear the 3.0.25pre2 release
> off my plate.  Probably will be tomorrow.

No worries. I'm happy to take this one over, if you like. I've already 
spent time looking at it and I think we're both heading in the same 
direction. I'll keep the list informed with my progress, so if you have 
a chance to answer questions and offer suggestions/abuse, that'd be 
great. :-)

I reproduced the same scenario and grabbed some packet captures. I've 
attached them both, as they're only 20k each. Hope that's OK. Here's 
exactly how I reproduced it:

  - Make sure that the NT machine didn't have an account in the domain 
(controlled by a single 2k3 host)
  - Start capturing traffic on the DC. It's all in VMWare with only two 
hosts started, so there should only be relevant packets in the captures.
  - Join NT machine to the domain using a user called domadd which is a 
normal user that also sports SeMachineAccountPrivilege
  - Stop the capture and save it (NTServerJoin2K3.pcap)
  - confirm that the machine account in Active Directory doesn't have 
the OS or OS Version attributes set
  - Reboot the NT machine (NT Server 4.0 SP6-something)
  - Capture packets from the DC
  - Confirm existence of attributes in AD object
  - Stop and save capture (NTServerBootAfterJoin2K3.pcap)

I haven't looked at these yet, but thought I'd provide them early in 
case anyone else is interested at all. :-)

thx,
Matt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: NTServerBootAfterJoin2K3.pcap
Type: application/octet-stream
Size: 20341 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070321/60acffa9/NTServerBootAfterJoin2K3.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NTServerJoin2K3.pcap
Type: application/octet-stream
Size: 20164 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070321/60acffa9/NTServerJoin2K3.obj


More information about the samba-technical mailing list