On Sun, 2010-02-07 at 13:46 +0100, Christoph Theis wrote:
> Hello,
>
> I have a Samba 4 (alpha 11) server acting as an AD and a Samba 3
> client as a domain client, both running under FreeBSD. To add an SPN
> for the client I run the command "net ads keytab add HTTP". There is
> no output but "net ads keytab list" does not show that SPN. Sniffing
> the network traffic I see that the client uses the control
> LDAP_SERVER_PERMISSIVE_MODIFY_OID with the critical-bit set and the
> server responds with an error "Unsupported critical extension".
>
> I could reproduce the behaviour by running ldbmodify on the server:
>
> ldbmodify -H ldap://servername -k 1 --controls=permissive_modify:1 test
>
> with the file content of test
>
> dn: CN=workstation,CN=Computers,DC=EXAMPLE,DC=ORG
> changetype: modify
> add: servicePrincipalName
> servicePrincipalName: HTTP/workstation
>
> When I set the critical bit to 0 the call succeeds. When I run it
> again I get an error "Attribute or value exists". In my understanding
> this is wrong, permissive modify shall not return an error when the
> attribute with the same value already exists or when an attribute to
> be deleted does not exist.

Correct, we don't currently support this control. Please file a bug,
and we will try and get to it soon.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.