Univention Bugzilla – Bug 31088
Event 4105: The Remote Desktop license server cannot update the msTSExpireDate attribute for user objects
Last modified: 2013-04-19 12:45:56 CEST
Ticket#: 2013040821002261 A Windows 2008 R2 Terminal Server License Server (configured for "per User" CALs) is not able to save the msTSExpireDate (<http://msdn.microsoft.com/en-us/library/cc220557.aspx>) attribute on the user object in S4. System eventlog shows the event 4105 at user login: The Terminal Services license server cannot update the license attributes for user “<UserName>” in Active Directory Domain “<DomainName>” <http://support.microsoft.com/kb/2030310/en-us> S4 Debuglevel shows the following modify for the user logging in: ldb: ldb_trace_request: MODIFY dn: CN=butzer,CN=Users,DC=s4lish,DC=qa changetype: modify replace: msTSManagingLS msTSManagingLS: 00486-237-9937597-84351 - replace: msTSLicenseVersion msTSLicenseVersion: 393216 - replace: msTSExpireDate msTSExpireDate: 20130616160028.000Z - control: 1.2.840.113556.1.4.1413 crit:0 data:no control: 1.3.6.1.4.1.7165.4.3.17 crit:0 data:no Running into the following error validating/normalizing the value for msTSExpireDate: ldb: ldb_asprintf/set_errstring: objectclass_attrs: attribute 'msTSExpireDate' on entry 'CN=butzer,CN=Users,DC=s4lish,DC=qa' contains at least one invalid value! It looks like the function "ldb_val_to_time" (lib/ldb/common/ldb_msg.c) does not recognize the .000Z time format. I tried to add the different format like the patch from <http://www.snix.com/wiki/index.php/Samba_4> does but it seems as if the ldb_val_to_time is not called for msTSExpireDate. Maybe this is the case because there are two syntax types with the same attribute syntax oid ("String(UTC-Time)" and "String(Generalized-Time)") but different validating/normalizing functions defined in <source4/dsdb/schema/schema_syntax.c> and "String(UTC-Time)" is first in the dsdb_syntaxes struct. I tried to also add the .000Z syntax to the UTC counterpart of "ldb_val_to_time" ("ldb_string_utc_to_time") but with no success. To reproduce: * Join a Windows 2008 R2 (64bit) into S4 domain * Install Remote Desktop Services (Terminal Server) and Remote Desktop Licencing (License-Server) * Activate Remote Desktop Licencing on a "per User" CAL basis (actually you don't need to enter a key for CALs ...) * Add the Machine Account to the buildin group "Terminal Server License Servers" * Login as a user (should throw the error at samba debuglevel 15)
Created attachment 5178 [details] ldif for testing ldbmodify -H /var/lib/samba/private/sam.ldb bug31088.ldif
Patch works but needed to be applied against separate ldb library package. Reporter successfully verified this with W2K8R2.
Advisory: 2013-04-18-ldb.yaml
Created user "butzer", changed BaseDN in LDIF; ldbmodify fails ERR: (Invalid attribute syntax) install new packages; ldbmodify works. → OK Advisory: OK
http://errata.univention.de/ucs/3.1/90.html