[PATCH] s4/dsdb: dsdb_validate_invocation_id() should validate by objectGUID

[Andrew Bartlett]

On Mon, 2010-04-26 at 16:34 +0300, Kamen Mazdrashki wrote:
> hi Andrew,
> 
> On Mon, Apr 26, 2010 at 07:19, Andrew Bartlett <abartlet at samba.org> wrote:
> 
> > On Mon, 2010-04-26 at 00:31 +0300, Kamen Mazdrashki wrote:
> > > Tridge, Andrew,
> > >
> > > Could you please review following patch:
> > >
> > http://gitweb.samba.org/?p=kamenim/samba.git;a=commitdiff;h=e9194af939aa47aea67c074853fd228acb3ac03b
> > >
> > > <
> > http://gitweb.samba.org/?p=kamenim/samba.git;a=commitdiff;h=e9194af939aa47aea67c074853fd228acb3ac03b
> > >During
> > > vampire-test-fix effor, I've found this function actually should be
> > > searching DSA's record by objectGUID
> > > as it is objectGUID that is send in DRSUpdateRefs() call.
> >
> > Have you check that this is also the case with Windows clients?  (Samba
> > may be getting this wrong).  Perhaps Windows doesn't actually check
> > this?
> >
> > I can confirm now that w2k8 sends objectGUID of "NTDS Settings" object.
> 
> BTW, after vampiring s w2k8 domain, we don't set 'dNSHostName' for the
> server object
> of our new DC?
> Is this intentionally or a bug?
> This caused me a lot of troubles to try to replicate from WinDCs to Samba
> one (and vice versa) :)

Certainly it looks like a bug to me.  As mdw notes, the
LogonGetDomainInfo call normally sets this, so we should work out at
what point in a Windows -> Windows join this is set (ie, is that call
made, or does it seem to be a direct DB modify).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100427/9ba15ed2/attachment.pgp>