[PATCH] s4/dsdb: dsdb_validate_invocation_id() should validate by objectGUID

Matthias Dieter Wallnöfer mdw at samba.org
Mon Apr 26 10:16:30 MDT 2010


Kamen,

this is very likely a problem in the "LogonGetDomainInfo" call (netlogon 
pipe). Please try to look at this code to see where the problem lies - 
but I can tell you: there exist strict and somewhat obfuscated rules 
when "dNSHostName" will be set/changed and when not.

Greets,
Matthias

Kamen Mazdrashki wrote:
> hi Andrew,
>
> On Mon, Apr 26, 2010 at 07:19, Andrew Bartlett <abartlet at samba.org> wrote:
>
>> On Mon, 2010-04-26 at 00:31 +0300, Kamen Mazdrashki wrote:
>>> Tridge, Andrew,
>>>
>>> Could you please review the following patch:
>>>
>>> http://gitweb.samba.org/?p=kamenim/samba.git;a=commitdiff;h=e9194af939aa47aea67c074853fd228acb3ac03b
>>>
>>> During the vampire-test-fix effort, I've found this function actually should be
>>> searching DSA's record by objectGUID
>>> as it is objectGUID that is sent in DRSUpdateRefs() call.
>>
>> Have you checked that this is also the case with Windows clients?  (Samba
>> may be getting this wrong).  Perhaps Windows doesn't actually check
>> this?
>>
>> I can confirm now that w2k8 sends objectGUID of "NTDS Settings" object.
>
> BTW, after vampiring a w2k8 domain, we don't set 'dNSHostName' for the
> server object
> of our new DC?
> Is this intentional or a bug?
> This caused me a lot of trouble to try to replicate from WinDCs to Samba
> one (and vice versa) :)


