[Samba] Failed to modify SPNs on error in module acl: Constraint violation during LDB_MODIFY (19)

mathias dufresne infractory at gmail.com
Thu Mar 10 09:41:34 UTC 2016 

Hi all,

SPN = servicePrincipalName

A simple search returning all servicePrincipalName declared in your AD:
ldbsearch -H $sam serviceprincipalname=* serviceprincipalname

An extract from result concerning a lambda client:
# record 41
dn: CN=win-client345,OU=Machines,DC=ad,DC=domain,DC=tld
servicePrincipalName: HOST/MB38W746-0009
servicePrincipalName: HOST/MB38W746-0009.ad.domain.tld
servicePrincipalName: TERMSRV/MB38W746-0009.ad.domain.tld
servicePrincipalName: TERMSRV/MB38W746-0009

I would start checking rights using security tab of your client machine
into ADUC tool to verify "SELF" is well configured (comparing with some
other machine not generating these logs).

When this kind of message happens? When you add new client or when client
boots or randomly?

Not sure that helps, I tried ;)


2016-03-08 18:01 GMT+01:00 Adam Tauno Williams <awilliam at whitemice.org>:

> On Tue, 2016-02-02 at 23:38 +0100, Markus Dellermann wrote:
> > sometimes I see following in the logs:
> > /source4/rpc_server/drsuapi/writespn.c:234(dcesrv_drsuapi_DsWriteAcco
> > untSpn)
> > Failed to modify SPNs on
> > CN=PCNAME,CN=Computers,DC=DOMAIN,DC=NAME,DC=NAME,DC=de: error in
> > module acl:
> > Constraint violation during LDB_MODIFY (19)
>
> I am seeing a very similar message - Failed to modify SPNs on
> CN=TERRINE-WHITE,OU=Terminal Servers,DC=example,DC=com: error in module
> acl: Constraint violation (19)
>
> > In the net i found this "explanation":
> >
> > "LDAP_CONSTRAINT_VIOLATION
> > Indicates that the attribute value specified in a modify, add, or
> > modify DN
> > operation violates constraints placed on the attribute. The
> > constraint can be
> > one of size or content (string only, no binary)."
> >
> > Hm, is this triggerd by dns-updates?
> > I see this only with two clients
> > How can I "debug" this ?
> >
> > I am using samba 4.3.4 with bind-dlz
> > clients are win7
> >
> > Thank you for your thoughts!
> >
> > Markus
> >
> --
> Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
> Systems Administrator, Python Developer, LPI / NCLA
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list