On Sun, 2010-02-07 at 13:46 +0100, Christoph Theis wrote: > Hello, > > I have a Samba 4 (alpha 11) server acting as an AD and a Samba 3 > client as a domain client, both runing under FreeBSD. To add an SPN > for the client I run the command "net ads keytab add HTTP". There is > no output but "net ads keytab list" does not show that SPN. Sniffing > the network traffic I see that the client uses the control > LDAP_SERVER_PERMISSIVE_MODIFY_OID with the critical-bit set and the > server responds with an error "Unsupported critical extension". > > I could reproduce the behaviour by running ldbmodify on the server: > > ldbmodify -H ldap://servername -k 1 --controls=permissive_modify:1 test > > with the file content of test > > dn: CN=workstation,CN=Computers,DC=EXAMPLE,DC=ORG > changetype: modify > add: servicePrincipalName > servicePrincipalName: HTTP/workstation > > When I set the critical bit to 0 the call succeeds. When I run it > again I get an error "Attribute or value exists". In my understanding > this is wrong, permissive modify shall not return an error when the > attribute with the same value already exists or when an attribute to > be deleted does not exists.
Correct, we don't currently support this control. Please file a bug, and we will try and get to it soon. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc.
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
