On 17.06.2010 08:08, Alan DeKok wrote: > Jens Weibler wrote: > >> Shouldn't it be possible to use workstation accounts? My temporary >> solution is to exclude querying sambaAcctFlag. No real solution if you >> want to lock out really expired or disabled accounts :( >> > <shrug> If the flag means "disabled OR non-normal", then you can't > have it both ways. If you want to allow non-normal accounts, you have > to ignore the flag. If you want to disable users, you have to look at > the flag. The two situations aren't compatible. > > You could always put disabled users into a "disabled" group, and check > that. >
The question is: why isn't the check allowing workstations?
if (((smb_ctrl->vp_integer & ACB_DISABLED) != 0) ||
(((smb_ctrl->vp_integer & ACB_NORMAL) == 0) && (smb_ctrl->vp_integer &
ACB_WSTRUST == 0))) {
RDEBUG2("SMB-Account-Ctrl says that the account is disabled, or is not a
normal account.");
--
Jens Weibler
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
