net ads dns register against Samba DC allows what appears to be ordinary users to add DNS names?

Rowland Penny repenny241155 at gmail.com
Thu Jun 30 16:00:12 UTC 2016


On 30/06/16 16:16, Richard Sharpe wrote:
> Hi folks,
>
> Using ldbmodify I managed to modify the userAccountControl field of
> the user I added and then used it to to try to add a DNS name.
>
> Imagine my surprise when I found that an ordinary user can add DNS addresses.
>
> I am pretty sure that Windows does not allow that.

I am fairly sure they can, I have been using a variant of a script to be 
found here:

http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/

And it uses a normal user updating a windows DC

Rowland

>
> The samAccountType for the account was 805306368.
>
> Is there a bug in the Samba DC code there?
>




More information about the samba-technical mailing list