patch to Samba4 for Win7-beta domain join

simo idra at samba.org
Tue Feb 10 07:21:53 MST 2009


On Tue, 2009-02-10 at 17:38 +1100, tridge at samba.org wrote:
> Hi Andrew,
> 
> As we discussed on IRC, I've pushed a patch
> (fe5b0b595c926aea0916541ceeaf610bc018cb63) to s4 that allows a domain
> join from Win7-beta to work. The patch involves two parts:
> 
>  - a small change to fix the dcesrv_netr_DsRGetDCNameEx2 code to cope
>    with short domain names, and fix the bogus use of the dnsDomain
>    attribute
> 
>  - a hack in password_hash.c to enable setting of machine account
>    passwords via a unicodePwd LDAP modify
> 
> The unicodePwd hack is the interesting one. As the commit says:
> 
>     This patch copes with the ldap unicodePwd modify by recognising the
>     format and creating the correct attributes on the fly. Note that this
>     assumes we will never get a unicodePwd attribute set in NT MD4 format
>     with the first 2 and last 2 bytes set to 0x22 0x00.
> 
>     Andrew Bartlett is looking at a more robust solution, possibly using a
>     flag to say that this modify came via ldap, and not internal ldb
>     calls.
> 
> What do you think of this as a temporary solution?

Andrew(s),
I suggest we use an internal control to specify that the password is a
clear text one; this will make it very easy to avoid the hackish thing
you've done here and is the proper way to send information down the
stack.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
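
The ambiguity the quoted commit message concedes, next to the out-of-band flag suggested in the reply, as an added example (not Samba code and not written by either poster). All function names, the enum and the sample bytes are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration; not taken from Samba's password_hash.c. */
enum pwd_kind { PWD_INVALID, PWD_NT_HASH, PWD_CLEARTEXT_UTF16 };

/* Constructed sample: 16 bytes that are both a possible MD4 digest and
 * the UTF-16LE encoding of the quoted six-character string "abcdef". */
static const uint8_t ambiguous[16] = {
    0x22, 0x00, 'a', 0x00, 'b', 0x00, 'c', 0x00,
    'd', 0x00, 'e', 0x00, 'f', 0x00, 0x22, 0x00 };

/* Constructed sample: 16 arbitrary bytes standing in for an NT hash. */
static const uint8_t plain_hash[16] = {
    0x8a, 0x1f, 0x03, 0xc4, 0x55, 0x9e, 0x71, 0x2b,
    0xd0, 0x46, 0xee, 0x17, 0x3c, 0xa9, 0x60, 0xf2 };

/* True if buf starts and ends with a UTF-16LE double quote (0x22 0x00). */
static bool quoted_utf16le(const uint8_t *buf, size_t len)
{
    return len >= 4 && len % 2 == 0 &&
           buf[0] == 0x22 && buf[1] == 0x00 &&
           buf[len - 2] == 0x22 && buf[len - 1] == 0x00;
}

/* Format sniffing: the value's bytes alone decide how it is treated. */
enum pwd_kind classify_by_format(const uint8_t *buf, size_t len)
{
    if (quoted_utf16le(buf, len)) return PWD_CLEARTEXT_UTF16;
    return len == 16 ? PWD_NT_HASH : PWD_INVALID;
}

/* Out-of-band flag: the caller states whether the value is clear text. */
enum pwd_kind classify_by_flag(const uint8_t *buf, size_t len, bool cleartext)
{
    if (cleartext)
        return quoted_utf16le(buf, len) ? PWD_CLEARTEXT_UTF16 : PWD_INVALID;
    return len == 16 ? PWD_NT_HASH : PWD_INVALID;
}

int main(void)
{
    printf("sniffed=%d flagged-as-hash=%d plain=%d\n",
           classify_by_format(ambiguous, 16),
           classify_by_flag(ambiguous, 16, false),
           classify_by_format(plain_hash, 16));
    return 0;
}
```

With the flag, the same 16 bytes are stored as a hash when the caller says so, and a flagged clear-text value that lacks the quotes is rejected instead of being guessed at.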
