patch to Samba4 for Win7-beta domain join

Andrew Bartlett abartlet at samba.org
Tue Feb 10 14:46:33 MST 2009


On Tue, 2009-02-10 at 09:21 -0500, simo wrote:
> On Tue, 2009-02-10 at 17:38 +1100, tridge at samba.org wrote:
> > Hi Andrew,
> > 
> > As we discussed on IRC, I've pushed a patch
> > (fe5b0b595c926aea0916541ceeaf610bc018cb63) to s4 that allows a domain
> > join from Win7-beta to work. The patch involves two parts:
> > 
> >  - a small change to fix the dcesrv_netr_DsRGetDCNameEx2 code to cope
> >    with short domain names, and fix the bogus use of the dnsDomain
> >    attribute
> > 
> >  - a hack in password_hash.c to enable setting of machine account
> >    passwords via a unicodePwd LDAP modify
> > 
> > The unicodePwd hack is the interesting one. As the commit says:
> > 
> >     This patch copes with the ldap unicodePwd modify by recognising the
> >     format and creating the correct attributes on the fly. Note that this
> >     assumes we will never get a unicodePwd attribute set in NT MD4 format
> >     with the first 2 and last 2 bytes set to 0x22 0x00.
> > 
> >     Andrew Bartlett is looking at a more robust solution, possibly using a
> >     flag to say that this modify came via ldap, and not internal ldb
> >     calls.
> > 
> > What do you think of this as a temporary solution?
> 
> Andrew(s),
> I suggest we use an internal control to specify that the password is a
> clear text one, this will make it very easy to avoid the hackish thing
> you've done here and is the proper way to send information down the
> stack.

That is the general aim, yes.  (It is more complicated than this,
because of the way LDAP modify requests can be used to perform a "change
password" operation, but a control or extended operation that is not
network accessible is the aim).

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
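
An added illustration, not part of the original thread and not Samba's password_hash.c code: the format check the commit message describes, next to a check driven by an explicit origin flag of the kind proposed above. All function names, the `from_ldap` flag and both sample values are hypothetical and constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum pwd_kind { PWD_INVALID, PWD_NT_HASH, PWD_QUOTED_CLEARTEXT };

/* UTF-16LE text wrapped in double quotes: 0x22 0x00 ... 0x22 0x00. */
static bool looks_quoted_utf16(const uint8_t *buf, size_t len)
{
    return len >= 4 && len % 2 == 0 &&
           buf[0] == 0x22 && buf[1] == 0x00 &&
           buf[len - 2] == 0x22 && buf[len - 1] == 0x00;
}

/* Heuristic: guess the encoding from the bytes alone. */
enum pwd_kind classify_by_format(const uint8_t *buf, size_t len)
{
    if (looks_quoted_utf16(buf, len)) return PWD_QUOTED_CLEARTEXT;
    if (len == 16) return PWD_NT_HASH;   /* an MD4 digest is 16 bytes */
    return PWD_INVALID;
}

/* Explicit: the caller states the origin, so the bytes are never guessed at.
 * from_ldap stands in for the internal control discussed in the thread. */
enum pwd_kind classify_by_origin(const uint8_t *buf, size_t len, bool from_ldap)
{
    if (from_ldap)
        return looks_quoted_utf16(buf, len) ? PWD_QUOTED_CLEARTEXT : PWD_INVALID;
    return len == 16 ? PWD_NT_HASH : PWD_INVALID;
}

/* Constructed: 16 bytes that are both hash-sized and the quoted string "abcdef". */
const uint8_t ambiguous[16] = { 0x22, 0x00, 'a', 0, 'b', 0, 'c', 0,
                                'd', 0, 'e', 0, 'f', 0, 0x22, 0x00 };
/* Constructed: 16 arbitrary bytes with no quote framing. */
const uint8_t plain_hash[16] = { 1, 2, 3, 4, 5, 6, 7, 8,
                                 9, 10, 11, 12, 13, 14, 15, 16 };

int main(void)
{
    printf("format guess for internal value: %d\n",
           classify_by_format(ambiguous, sizeof ambiguous));
    printf("origin-aware for internal value: %d\n",
           classify_by_origin(ambiguous, sizeof ambiguous, false));
    return 0;
}
```

The 16-byte `ambiguous` value is the case the commit message assumes never occurs: the byte-pattern check reads it as cleartext, while the origin-aware check treats an internally supplied value as a hash.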