In Samba4, we map the userAccountControl flag UF_PASSWD_NOTREQD to the SAMR flag ACB_PWNOTREQ, and we use this to indicate 'no password (or any password) required for this account'.
That is, when this flag is set, and NULL passwords are permitted (as a global setting 'null passwords = yes' in the smb.conf), we allow any password to operate/log in to the marked account. However, I'm not sure if this is the meaning Microsoft assigns to this flag. Could you please clarify AD's behaviour in the situation where this flag is set on an user account? If this is not the correct way to handle 'no password required for logon', Is there another way to indicate this? Thanks, (I want to get this right, or else migrations from Windows domains might open a security hole) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
