attribute modification: problem comming soon
Nadezhda Ivanova
nadezhda.ivanova at postpath.com
Tue Aug 18 02:54:47 MDT 2009
Hi Matthieu,
Well, this is certainly not a security (ACL) issue :). What kind of error do you get? Perhaps if we get a wireshark of your LDAP request we can see for ourselves.
Also, I am not sure I understand what you write about Windows behavior and why this is a problem. As far as I know, when you join a computer to a domain windows automatically assigns a SPN with two values HOST/netbiosName, and HOST/FQDN.com, and I read somewhere that it is not recommended to change then via LDAP.
So, what are you trying to achieve against windows, how do you do it and what does Samba 4 do?
Sorry if my questions are irrelevant to your problem...
Nadya
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org]
> Sent: Tuesday, August 18, 2009 11:43 AM
> To: Matthieu Patou
> Cc: Nadezhda Ivanova; samba-technical
> Subject: Re: attribute modification: problem comming soon
>
> On Tue, 2009-08-18 at 12:38 +0400, Matthieu Patou wrote:
> > Hi andrew and nadezhda,
> >
> > A couple of weeks ago I tweaked my S4 in tests to get rid of the
> > verification in kludge_acl.
> >
> > I found that windows 2008 is willing to modify some of his attributes
> > and for at least one of them: servicePrincipalName it keeps modifying it
> > willing to put again and again the same values ie.
> >
> > servicePrincipalName: TERMSRV/smbtstvz01.smb4.tst
> > servicePrincipalName: TERMSRV/SMBTSTVZ01
> >
> > Currently samba4 do not appreciate this and return an error maybe the
> > behavior should be modified to manage this behavior ?
>
> What does windows do? What controls are present on the request
> (permissive modify in particular).
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Cisco Inc.
More information about the samba-technical
mailing list