On Sat, 2012-12-29 at 19:31 +1300, Pieter De Wit wrote: > On 28/12/2012 10:45, Andrew Bartlett wrote: > > On Fri, 2012-12-28 at 10:30 +1300, Pieter De Wit wrote: > >> On 22/12/2012 14:56, Andrew Bartlett wrote: > >>> On Sat, 2012-12-22 at 14:28 +1300, Pieter De Wit wrote: > >>>> I stand corrected re the MS comment then. How do I get the > >>>> userAccountControl? > >>> userAccountControl is an ldap attribute, on the DC object. ldapsearch, > >>> or a GUI LDAP browser (ldp.exe on windows is one) will be able to show > >>> it. > >>> > >>> Andrew Bartlett > >>> > >> Hi Andrew, > >> > >> Finally got time to pull this: > >> > >> userAccountControl: 69632 > > This is 0x11000 > > > > #define UF_WORKSTATION_TRUST_ACCOUNT 0x00001000 > > #define UF_DONT_EXPIRE_PASSWD 0x00010000 > > > > If this remains an issue with current management tools, then I guess we > > can raise a bug to see if we really, really need to set > > UF_DONT_EXPIRE_PASSWD in that bitmask. > > > > Andrew Bartlett > > > Andrew, > > Is it worth setting the value to 0x1000 and see what the tools show > before logging the bug ?
It would be a useful data point. > What is the "correct" value for a Member Server ? It just needs UF_WORKSTATION_TRUST_ACCOUNT I've seen contradictory stuff about if workstation accounts can expire. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba