[Samba] Update of operatingSystem and operatingSystemVersion attributes in AD

LORANG Geert geert.lorang at hexagon.com
Tue Jun 23 19:11:15 UTC 2020

Hi list,

We've been looking into updating  operatingSystem and 
operatingSystemVersion attributes automatically and periodically (so 
version remains correct after OS upgrades) but quickly found out the 
machine account principal does not have enough permissions as it would 
error out with INSUFF_ACCESS_RIGHTS.

As Windows /is /able to update those attributes I've been doing some 
debugging with Samba logs and network traces and came to the same 
conclusion as in 
that Windows clients update those attributes via the 
NetrLogonGetDomainInfo() MS-RPC call.

Since 2007 a lot has changed obviously and it looks like Microsoft made 
the docs for NetrLogonGetDomainInfo available:


/-> The NETLOGON_WORKSTATION_INFO structure defines information passed 
into the NetrLogonGetDomainInfo method, as specified in It 
SHOULD<20> be used to convey information about a member workstation from 
the client side to the server side./

Any chance we can get this into rpcclient? Any idea why RPC would work 
while LDAP updates error out with INSUFF_ACCESS_RIGHTS? I must admit I'm 
not an expert, just the sysadmin trying to get things done! :-)

Many thanks,

More information about the samba mailing list