Hello,

I have a Samba 4 (alpha 11) server acting as an AD and a Samba 3 client as a domain client, both running under FreeBSD. To add an SPN for the client I run the command "net ads keytab add HTTP". There is no output but "net ads keytab list" does not show that SPN. Sniffing the network traffic I see that the client uses the control LDAP_SERVER_PERMISSIVE_MODIFY_OID with the critical-bit set and the server responds with an error "Unsupported critical extension".

I could reproduce the behaviour by running ldbmodify on the server:

    ldbmodify -H ldap://servername -k 1 --controls=permissive_modify:1 test

with the file content of test:

    dn: CN=workstation,CN=Computers,DC=EXAMPLE,DC=ORG
    changetype: modify
    add: servicePrincipalName
    servicePrincipalName: HTTP/workstation

When I set the critical bit to 0 the call succeeds. When I run it again I get an error "Attribute or value exists". In my understanding this is wrong, permissive modify shall not return an error when the attribute with the same value already exists or when an attribute to be deleted does not exist.

-- 
Best regards,
Christoph mailto:[email protected]
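
The three outcomes reported above, as an added example that is not part of the original message and is not Samba code: a toy model of a modify operation that handles control criticality as RFC 4511 specifies (an unsupported critical control fails the operation, an unsupported non-critical one is ignored) and applies the permissive semantics the message describes. The function name, the data layout and the `supported` parameter are assumptions made for illustration; values are compared as plain case-sensitive strings.

```python
# Added illustration: toy model of LDAP modify + control handling, not Samba code.
SUCCESS = 0
UNAVAILABLE_CRITICAL_EXTENSION = 12   # "Unsupported critical extension"
NO_SUCH_ATTRIBUTE = 16
ATTRIBUTE_OR_VALUE_EXISTS = 20        # "Attribute or value exists"

PERMISSIVE_MODIFY_OID = "1.2.840.113556.1.4.1413"  # LDAP_SERVER_PERMISSIVE_MODIFY_OID


def modify(entry, changes, controls=(), supported=frozenset()):
    """Apply changes to entry and return an LDAP result code.

    entry:     dict mapping attribute name -> set of values (updated on success)
    changes:   list of (op, attr, value), op is "add" or "delete"
    controls:  list of (oid, critical) sent with the request
    supported: control OIDs the modelled server implements (hypothetical knob)
    """
    active = set()
    for oid, critical in controls:
        if oid in supported:
            active.add(oid)
        elif critical:
            # Unsupported and critical: the operation must not be performed.
            return UNAVAILABLE_CRITICAL_EXTENSION
        # Unsupported and non-critical: the control is silently ignored.
    permissive = PERMISSIVE_MODIFY_OID in active

    # Work on a copy so a failing change leaves the entry untouched.
    staged = {attr: set(vals) for attr, vals in entry.items()}
    for op, attr, value in changes:
        values = staged.setdefault(attr, set())
        if op == "add":
            if value in values and not permissive:
                return ATTRIBUTE_OR_VALUE_EXISTS
            values.add(value)
        elif op == "delete":
            if value not in values and not permissive:
                return NO_SUCH_ATTRIBUTE
            values.discard(value)
        else:
            raise ValueError("unknown modify operation: %r" % op)

    entry.clear()
    entry.update({attr: vals for attr, vals in staged.items() if vals})
    return SUCCESS
```

In this model a server that does not implement the control gives exactly the sequence in the message: error 12 with the critical bit set, success on the first non-critical call, and error 20 on the repeat because the ignored control leaves strict modify semantics in place.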
