patch to Samba4 for Win7-beta domain join

simo idra at
Tue Feb 10 07:21:53 MST 2009

On Tue, 2009-02-10 at 17:38 +1100, tridge at wrote:
> Hi Andrew,
> As we discussed on IRC, I've pushed a patch
> (fe5b0b595c926aea0916541ceeaf610bc018cb63) to s4 that allows a domain
> join from Win7-beta to work. The patch involves two parts:
>  - a small change to fix the dcesrv_netr_DsRGetDCNameEx2 code to cope
>    with short domain names, and fix the bogus use of the dnsDomain
>    attribute
>  - a hack in password_hash.c to enable setting of machine account
>    passwords via a unicodePwd LDAP modify
> The unicodePwd hack is the interesting one. As the commit says:
>     This patch copes with the ldap unicodePwd modify by recognising the
>     format and creating the correct attributes on the fly. Note that this
>     assumes we will never get a unicodePwd attribute set in NT MD4 format
>     with the first 2 and last 2 bytes set to 0x22 0x00.
>     Andrew Bartlett is looking at a more robust solution, possibly using a
>     flag to say that this modify came via ldap, and not internal ldb
>     calls.
> What do you think of this as a temporary solution?

I suggest we use an internal control to specify that the password is a
clear text one, this will make it very easy to avoid the hackish thing
you've done here and is the proper way to send information down the


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list