[Samba] Failed to modify SPNs on error in module acl: Constraint violation during LDB_MODIFY (19)

Markus Dellermann li-mli at gmx.net
Thu Mar 24 08:51:12 UTC 2016 

Hi again,
Am Montag, 14. März 2016, 00:44:47 CET schrieb Markus Dellermann:
> Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne:
> Hi, Mathias and all
> thank you for your answer.
> 
> > Hi all,
> > 
> > SPN = servicePrincipalName
> > 
> > A simple search returning all servicePrincipalName declared in your AD:
> > ldbsearch -H $sam serviceprincipalname=* serviceprincipalname
> 
> For me:
> ldbsearch -H
> /var/lib/samba/private/sam.ldb serviceprincipalname=* serviceprincipalname
> 

[...]
Thank you again for the hint!

With "loglevel=10" i found the affected servicePrincipalName:

ldb: ldb_trace_request: MODIFY
dn: CN=PCNAME,CN=Computers,DC=...
changetype: modify
add: servicePrincipalName
servicePrincipalName: MSSQLSvc/PCNAME.domain.domain.domain.de:DATEV_DBENGIN
   E
  - 
   control: 1.2.840.113556.1.4.1413  crit:0  data:no

[2016/03/24 01:01:45.075853, 10, pid=32023, effective(0, 0), real(0, 0)] ../
source4/dsdb/samdb/ldb_modules/acl.c:1055(acl_modify)
  ldb:acl_modify: servicePrincipalName

[2016/03/24 01:01:45.076866, 10, pid=32023, effective(0, 0), real(0, 0), 
class=ldb] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
[...]
  ldb: ldb_asprintf/set_errstring: error in module acl: Constraint violation 
during LDB_MODIFY (19)
[...]
  ldb: ldb_trace_next_request: (tdb)->del_transaction
[2016/03/24 01:01:45.077191,  0, pid=32023, effective(0, 0), real(0, 0)] ../
source4/rpc_server/drsuapi/writespn.c:234(dcesrv_drsuapi_DsWriteAccountSpn)
  Failed to modify SPNs on CN=PCNAME,CN=Computers,DC=DOMAIN,DC=...: error in 
module acl: Constraint violation during LDB_MODIFY (19)
[2016/03/24 01:01:45.079992,  1, pid=32023, effective(0, 0), real(0, 0)] ../
librpc/ndr/ndr.c:439(ndr_print_function_debug)
       drsuapi_DsWriteAccountSpn: struct drsuapi_DsWriteAccountSpn
          out: struct drsuapi_DsWriteAccountSpn
              level_out                : *
                  level_out                : 0x00000001 (1)
              res                      : *
                  res                      : union 
drsuapi_DsWriteAccountSpnResult(case 1)
                  res1: struct drsuapi_DsWriteAccountSpnResult1
                      status                   : WERR_ACCESS_DENIED
              result                   : WERR_OK

I have two clients with installed Datev -Software / local SQL-Server with this 
Problem

Does SQL-Server have wrong Permissions, or is it a general Problem?

Greetings

Markus

More information about the samba mailing list