net ads dns register against Samba DC allows what appears to be ordinary users to add DNS names?

[Richard Sharpe]

Hi folks,

Using ldbmodify I managed to modify the userAccountControl field of
the user I added and then used it to to try to add a DNS name.

Imagine my surprise when I found that an ordinary user can add DNS addresses.

I am pretty sure that Windows does not allow that.

The samAccountType for the account was 805306368.

Is there a bug in the Samba DC code there?

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)