[Samba] Samba 4: permissive modify fails

Christoph Theis theis.news at gmx.at
Sun Feb 7 05:46:36 MST 2010


I have a Samba 4 (alpha 11) server acting as an AD and a Samba 3
client as a domain client, both runing under FreeBSD. To add an SPN
for the client I run the command "net ads keytab add HTTP". There is
no output but "net ads keytab list" does not show that SPN. Sniffing
the network traffic I see that the client uses the control
LDAP_SERVER_PERMISSIVE_MODIFY_OID with the critical-bit set and the
server responds with an error "Unsupported critical extension".

I could reproduce the behaviour by running ldbmodify on the server:

ldbmodify -H ldap://servername -k 1 --controls=permissive_modify:1 test

with the file content of test

dn: CN=workstation,CN=Computers,DC=EXAMPLE,DC=ORG
changetype: modify
add: servicePrincipalName
servicePrincipalName: HTTP/workstation

When I set the critical bit to 0 the call succeeds. When I run it
again I get an error "Attribute or value exists". In my understanding
this is wrong, permissive modify shall not return an error when the
attribute with the same value already exists or when an attribute to
be deleted does not exists.

Best regards,
 Christoph                          mailto:theis.news at gmx.at

More information about the samba mailing list