search for: ldb_modifi

Hi, sometimes I see following in the logs: /source4/rpc_server/drsuapi/writespn.c:234(dcesrv_drsuapi_DsWriteAccountSpn) Failed to modify SPNs on CN=PCNAME,CN=Computers,DC=DOMAIN,DC=NAME,DC=NAME,DC=de: error in module acl: Constraint violation during LDB_MODIFY (19) In the net i found this "explanation": "LDAP_CONSTRAINT_VIOLATION Indicates that the attribute value specified in

Hi, I'm glad that helped you : ) About SPN, I found that link few days ago: https://adsecurity.org/?page_id=183 It tries to list the string values available usable for SPN. And it gives also that link: http://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx That one is a technet paper to explain SPNs. I tried to read it but

On Tue, 2016-02-02 at 23:38 +0100, Markus Dellermann wrote: > sometimes I see following in the logs: > /source4/rpc_server/drsuapi/writespn.c:234(dcesrv_drsuapi_DsWriteAcco > untSpn) > Failed to modify SPNs on > CN=PCNAME,CN=Computers,DC=DOMAIN,DC=NAME,DC=NAME,DC=de: error in > module acl: > Constraint violation during LDB_MODIFY (19) I am seeing a very similar message -

Hi again, Am Montag, 14. März 2016, 00:44:47 CET schrieb Markus Dellermann: > Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: > Hi, Mathias and all > thank you for your answer. > > > Hi all, > > > > SPN = servicePrincipalName > > > > A simple search returning all servicePrincipalName declared in your AD: > > ldbsearch -H $sam

Hi all, SPN = servicePrincipalName A simple search returning all servicePrincipalName declared in your AD: ldbsearch -H $sam serviceprincipalname=* serviceprincipalname An extract from result concerning a lambda client: # record 41 dn: CN=win-client345,OU=Machines,DC=ad,DC=domain,DC=tld servicePrincipalName: HOST/MB38W746-0009 servicePrincipalName: HOST/MB38W746-0009.ad.domain.tld

Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: Hi, Mathias and all thank you for your answer. > Hi all, > > SPN = servicePrincipalName > > A simple search returning all servicePrincipalName declared in your AD: > ldbsearch -H $sam serviceprincipalname=* serviceprincipalname > For me: ldbsearch -H /var/lib/samba/private/sam.ldb serviceprincipalname=*

I'm not an expert, especially when it comes to servicePrincipalName which I haven't understood until now but I think it is safe to give an object the right to modify itself. If securing is one of your main concern, you could try to remove the possibility to that account to modify itself, once the servicePrincipalName is created. Doing that SPN should NOT be removed (no right to remove it)

Hi Mathias and all. Am Donnerstag, 24. März 2016, 13:26:12 CEST schrieb mathias dufresne: > Hi, > > I'm glad that helped you : ) > > About SPN, I found that link few days ago: > https://adsecurity.org/?page_id=183 > It tries to list the string values available usable for SPN. > > And it gives also that link: >

Hi all I am trying to create a webapp to allow users to change their own passwords in Samba4 (perhaps, also in AD), using LDAP(s). But when I try to modify the user password using this code: dn: ........ changetype: modify replace: unicodePwd unicodePwd: "Temporal2" I get this error: 0x32 (Insufficient access; error in module acl: insufficient access rights during LDB_MODIFY (50))

My tool is growing fast and it takes me to the finishing line for setting up my new user database. But nw I came across another strange issue: I'd like to change the primaryGroupID. It is currently set to 513, which simply does not exist. I wanted to set to 100, which exists and actually the user is a member of this group, but then I get the following exception: ldap.UNWILLING_TO_PERFORM:

Hi Thanks all for your responses. The users can now change their own password adding and removing the unicodePwd attribute, using the correct method to generate the password value. Now, I have a problem, because the users who have the option to force to change the password in the next login checked, can't bind to the LDAP server in order to change their password. Is there any way to do this,

Hi, I am trying to debug an ldaps client that we would like use to change passwords for end-users. Currently this is failing with this: > [LDAP: error code 50 - error in module acl: insufficient access > rights during LDB_MODIFY (50)]; remaining name 'CN=ted t. > test,CN=Users,DC=samba,DC=company,DC=com' From what we understand, there are two ways to change a password: A) as an

Hi Juan, you can use the 'kpasswd' utility: kpasswd user at YOUR.REALM It can be run as unprivileged user. It first prompts you for your old password and the twice for the new password. Cheers, Roel Juan Asensio Sánchez writes: > Hi all > > I am trying to create a webapp to allow users to change their own passwords > in Samba4 (perhaps, also in AD), using LDAP(s).

On 10/5/16 11:17 AM, Rowland Penny via samba wrote: > On Wed, 5 Oct 2016 10:37:51 -0400 > Ron García-Vidal via samba <samba at lists.samba.org> wrote: > >> Here is some more information that could be helpful. This is the >> entry for LDAP User in ldbedit: >> >> # record 253 >> dn: CN=LDAP User,CN=Users,DC=dc1,DC=mydomain,DC=net >> objectClass: top

On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote: > On 10/5/16 11:17 AM, Rowland Penny via samba wrote: >> On Wed, 5 Oct 2016 10:37:51 -0400 >> Ron García-Vidal via samba <samba at lists.samba.org> wrote: >> >>> Here is some more information that could be helpful. This is the >>> entry for LDAP User in ldbedit: >>> >>> # record

On Tue, 2017-01-10 at 15:05 +0100, lists via samba wrote: > Hi, > > I am trying to debug an ldaps client that we would like use to change > passwords for end-users. Currently this is failing with this: > > [LDAP: error code 50 - error in module acl: insufficient access > > rights during LDB_MODIFY (50)]; remaining name 'CN=ted t. > >

High there, despite SPN - registration of MSSQLSvc - Service my samba-log is littered with failures... Please have a look about it: Samba-Version: 4.5.16-SerNet-Debian-18.jessie User foo and machine tz115 are registered in spn: root at tz230:~# samba-tool spn list foo foo User CN=foo,CN=Users,DC=testzentrum,DC=uni-frankfurt,DC=de has the following servicePrincipalName:         

On 10/6/16 12:50 PM, lingpanda101--- via samba wrote: > On 10/6/2016 12:35 PM, Ron García-Vidal via samba wrote: >> On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote: >>> On 10/5/16 11:17 AM, Rowland Penny via samba wrote: >>>> On Wed, 5 Oct 2016 10:37:51 -0400 >>>> Ron García-Vidal via samba <samba at lists.samba.org> wrote: >>>>

On 10/6/16 1:02 PM, Rowland Penny via samba wrote: > On Thu, 6 Oct 2016 12:35:54 -0400 > Ron García-Vidal via samba <samba at lists.samba.org> wrote: > >> On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote: >>> On 10/5/16 11:17 AM, Rowland Penny via samba wrote: >>>> On Wed, 5 Oct 2016 10:37:51 -0400 >>>> Ron García-Vidal via samba <samba

Hello, according to this: https://gitlab.com/samba-team/samba/merge_requests/26 samba should support DNS record scavenging is this only true for the internal DNS or also BIND? Should this work? I enabled it (dns zone scavenging = yes) to try it out and got this (didn't enable it from the DNS Manager tool as I got the error first): Jul 24 16:39:20 dc1 samba[29071]: [2019/07/24