cannot rename windows xp machine in samba4

Matthieu Patou mat at
Fri May 4 23:53:43 MDT 2012


On 05/03/2012 02:04 PM, Matthias Dieter Wallnöfer wrote:
> Matthieu, Andrew,
> this has been a tricky issue. Here you can find my patch and the 
> reason explained in the commit notice: 
> Please review & merge it!
Your patch didn't address the real problem. My logic might be affected,
but it looks like your patch is trying to prevent duplicates in the
servicePrincipalName that are due to a dnsHostName change.

This seems pretty inefficient: why not add all the values to an array,
and then check for duplicates only once, instead of doing it for all the
entries that are about to be modified and iterating several times?

But most importantly, your patch didn't address Vladimir's issue, which
is the following: there are 2 modifications in the request, one for
dnsHostName and one for servicePrincipalName. The modification in
servicePrincipalName is the same as the one triggered by the dnsHostName
change, resulting in two entries for the same value and causing ldb to
reject the change.

I think the correct approach is the following:

1. In samldb_service_principal_names_change(), check if there is a
   servicePrincipalName in the change message.
2. If so, get the values.
3. Create a list of changed values for the servicePrincipalName due to
   the dnsHostname or samaccountname change.
4. Once the list is complete, check that there are no duplicate values
   with those obtained in step 2.

Apart from that, there is a test missing on the uniqueness
(case-insensitive) of values for the attribute servicePrincipalName,
because for the moment we can add HOST/MYHOST when the entry HOST/myhost
already exists (Windows 2003R2 does not allow this).


> Cheers,
> Matthias
> Matthieu Patou schrieb:
>> Hi Vladimir,
>>> OK, that's what I've done step by step again:
>>> * left XP from domain
>>> * changed winxp computer name to WS5 and sid with newsid utility
>>> * joined winxp to domain under name WS5
>>> * powered off the vm
>>> * started packet capture with "tcpdump -p -s 0 -w samba4.dump.txt"
>>> * exported keytab with "samba-tool domain exportkeytab ./samba4.keytab"
>>> * powered on winxp
>>> * logged in as admin (I entered wrong username one time, if that's
>>> important) and tried to rename WS5 to WS6, twice, both times I got 
>>> error
>>> but they seem to be a bit different, first time it said smth
>>> the dump files were too large for the maillist (I cancelled that 
>>> posting)
>>> so I have put it to rapidshare here's the link:
>> Now with this trace I have the reason of the problem.
>> I put Matthias in copy as he might be the most aware of this.
>> The problem lies in samldb_service_principal_names_change() function 
>> as we try to add a new principal that is also specified in the request.
>> Before adding a SPN we should check that this SPN is not already 
>> specified in the request, then I suspect that the rename will work.
>> Matthieu.
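
The four-step approach proposed in the message above, as an added example that is not part of the original post and is not Samba code. It works on plain string arrays rather than ldb messages; the names spn_t, spn_listed, derive_spn_adds and run_constructed_sample, the host names and the SPN values are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define SPN_MAX 256
typedef char spn_t[SPN_MAX];
/* Case-insensitive lookup: "HOST/MYHOST" matches a listed "HOST/myhost". */
static int spn_listed(const char *spn, spn_t *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strcasecmp(spn, list[i]) == 0) return 1;
    return 0;
}

/* Hypothetical helper. Steps 3 and 4: derive the SPNs implied by old_host ->
 * new_host, skipping values the request already carries (steps 1 and 2). */
size_t derive_spn_adds(spn_t *existing, size_t n_existing, spn_t *requested,
                       size_t n_requested, const char *old_host,
                       const char *new_host, spn_t *out, size_t max) {
    size_t count = 0, old_len = strlen(old_host);
    for (size_t i = 0; i < n_existing && count < max; i++) {
        const char *slash = strchr(existing[i], '/');
        if (!slash || strncasecmp(slash + 1, old_host, old_len) != 0) continue;
        const char *tail = slash + 1 + old_len;   /* text after the host name */
        if (*tail != '\0' && *tail != '/' && *tail != ':') continue;
        char cand[SPN_MAX];
        int len = snprintf(cand, sizeof(cand), "%.*s/%s%s",
                           (int)(slash - existing[i]), existing[i], new_host, tail);
        if (len < 0 || (size_t)len >= sizeof(cand)) continue;  /* does not fit */
        if (spn_listed(cand, requested, n_requested) ||
            spn_listed(cand, out, count)) continue;  /* duplicate: add once only */
        memcpy(out[count++], cand, (size_t)len + 1);
    }
    return count;
}

/* Constructed sample: rename ws5.lab.test -> ws6.lab.test in a request
 * that also sets HOST/WS6.LAB.TEST explicitly. */
static spn_t sample_out[4];
size_t run_constructed_sample(void) {
    static spn_t existing[] = { "HOST/ws5.lab.test", "HOST/WS5",
                                "TERMSRV/ws5.lab.test" };
    static spn_t requested[] = { "HOST/WS6.LAB.TEST" };
    return derive_spn_adds(existing, 3, requested, 1, "ws5.lab.test",
                           "ws6.lab.test", sample_out, 4);
}

int main(void) {
    size_t n = run_constructed_sample();
    for (size_t i = 0; i < n; i++) puts(sample_out[i]);
    return 0;
}
```

Only TERMSRV/ws6.lab.test is returned: the derived HOST/ws6.lab.test is dropped because the request already carries the same value in a different case, and HOST/WS5 is untouched because its host part is not the old dnsHostName.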