cannot rename windows xp machine in samba4
Matthias Dieter Wallnöfer
mdw at samba.org
Thu May 24 14:33:10 MDT 2012
Hi Andrew, Matthieu,
in my "master" branch you can find the necessary patches beside some
other work which I find ready to push.
Cheers,
Matthias
Matthieu Patou schrieb:
> Matthias,
>
> On 05/03/2012 02:04 PM, Matthias Dieter Wallnöfer wrote:
>> Matthieu, Andrew,
>>
>> this has been a tricky issue. Here you can find my patch and the
>> reason explained in the commit notice:
>> http://gitweb.samba.org/samba.git/?p=mdw/samba.git;a=commitdiff;h=b2d3ef922913de635be559df624ef53fccce598e.
>> Please review & merge it!
>>
> Your patch didn't address the real problem, my logic might be affected
> but it looks like your patch is try to prevent duplicates in the
> servicePrincipalName that are due to dnsHostName change.
>
> This seems pretty unefficient, why not adding all the value in an
> array, and then check for duplicate only once instead of doing it for
> all the entries that are about to be modified instead of iterating
> several time.
>
> But most important your patch didn't address the issue of Vladimir
> which is the following: there is 2 modifications in the request one
> for dnsHostName and one for servicePrincipalName, the modification in
> servicePrincipalName is the same as one triggered by the dnsHostName
> change resulting in two entries for the same value causing ldb to
> reject the change.
>
> I think the correct approach is the following:
>
> 1 in samldb_service_principal_names_change() check if there is a
> servicePrincipalName in the change message
> 2 if so get the values
> 3 create a list changed value for the servicePrincipalName due to
> dnsHostname or samaccountname change
> 4 Once the list is complete check if there is no duplicate values with
> those obtained in step 2
>
> Apart from that there is a test missing on the unicity
> (case-insensitive) of values for the attribute servicePrincipalName,
> because for the moment we can add HOST/MYHOST when the entry
> HOST/myhost already exists (Windows 2003R2 do not allow this).
>
> Matthieu.
>
>> Cheers,
>> Matthias
>>
>> Matthieu Patou schrieb:
>>> Hi Vladimir,
>>>
>>>
>>>> ok, I that's what I've done step by step again:
>>>>
>>>> * left XP from domain
>>>> * changed winxp computer name to WS5 and sid with newsid utility
>>>> * joined winxp to domain under name WS5
>>>> * powered off the vm
>>>> * started packet capture with "tcpdump -p -s 0 -w samba4.dump.txt
>>>> * exported keytab with "samba-tool domain exportkeytab
>>>> ./samba4.keytab"
>>>> * powered on winxp
>>>> * logged in as admin (I entered wrong username one time, if that's
>>>> important) and tried to rename WS5 to WS6, twice, both times I got
>>>> error
>>>> but they seem to be a bit different, first time it said smth
>>>>
>>>> the dump files were too large for the maillist (I cancelled that
>>>> posting)
>>>> so I have put it to rapidshare here's the link:
>>>> https://rapidshare.com/files/3805994593/samba4.zip
>>> Now with this trace I have the reason of the problem.
>>> I put Matthias in copy as he might be the most aware of this.
>>> The problem lies in samldb_service_principal_names_change() function
>>> as we try to add a new principal that is also specified in the request.
>>>
>>> Before adding a SPN we should check that this SPN is not already
>>> specified in the request, then I suspect that the rename will work.
>>>
>>> Matthieu.
>>
>
More information about the samba-technical
mailing list