[Samba] Update of operatingSystem and operatingSystemVersion attributes in AD
LORANG Geert
geert.lorang at hexagon.com
Tue Jun 23 19:11:15 UTC 2020
Hi list,
We've been looking into updating operatingSystem and
operatingSystemVersion attributes automatically and periodically (so
version remains correct after OS upgrades) but quickly found out the
machine account principal does not have enough permissions as it would
error out with INSUFF_ACCESS_RIGHTS.
As Windows /is /able to update those attributes I've been doing some
debugging with Samba logs and network traces and came to the same
conclusion as in
https://lists.samba.org/archive/samba-technical/2007-March/052448.html
that Windows clients update those attributes via the
NetrLogonGetDomainInfo() MS-RPC call.
Since 2007 a lot has changed obviously and it looks like Microsoft made
the docs for NetrLogonGetDomainInfo available:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/7c3ad0cc-ee05-4643-b773-4d84e1d431dc
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3ae9e9a9-a303-4fa5-8e11-823d9e7e1e61
/-> The NETLOGON_WORKSTATION_INFO structure defines information passed
into the NetrLogonGetDomainInfo method, as specified in 3.5.4.4.9. It
SHOULD<20> be used to convey information about a member workstation from
the client side to the server side./
Any chance we can get this into rpcclient? Any idea why RPC would work
while LDAP updates error out with INSUFF_ACCESS_RIGHTS? I must admit I'm
not an expert, just the sysadmin trying to get things done! :-)
Many thanks,
Geert
More information about the samba
mailing list