[Samba] dbcheck reporting errors

Andrew Bartlett abartlet at samba.org
Tue Dec 1 22:10:43 UTC 2015


On Tue, 2015-12-01 at 12:16 +0100, samba list wrote:
> Hi all,
> 
> Our domain is running perfectly, but for the fun of it, I tried a 
> samba-tool dbcheck, and (unexpected actually!) it returned many
> errors, 
> on many users, like this:
> 
> > ERROR: wrongly formatted userParameters on
> > CN=username1,CN=Users,DC=samba,DC=company,DC=com, should not be
> > psudo-UTF8 encoded
> > Not changing userParameters from UTF8 encoding on
> > CN=username1,CN=Users,DC=samba,DC=company,DC=com
> (yes: it says "psudo-UTF8")
> 
> This is Version 4.2.5-SerNet-Debian-8.wheezy (upgraded from 4.1.17)
> in 
> an AD config. We mostly use ADUC to manage users.
> 
> Are we having problems, without feeling it (yet)..?

The issue is that different parts of Samba (classicupgrade, DRS
replciation, LDAP, SAMR RPC) encoded the attribute in different ways.  

We have settled on storing the binary value obtained over SAMR directly
in the database, and having the other methods use the same format.  

The issue is that the 'string' is not really a string, but a binary
buffer that is written over a UTF16-LE string on the windows client and
then passed in that buffer.  In the past, we would attempt to convert
this UTF16-LE into UTF8, and often truncate it at the first \0 when
replicating.  

The fix should be safe, we actually have specific tests for this
dbcheck rule (sadly unlike most of the others).

Andrew Bartlett

> -- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba









More information about the samba mailing list