Matthias, Any chance you can look into this for me?
Thanks, On Tue, 2013-05-28 at 15:56 +0800, Tide wrote: > the userAccountControl value becomes 0x202 (514) after 0x800002 was written > to active directory of windows server 2003, so it looks like > UF_NORMAL_ACCOUNT (0x200) is really implied. > > ---------------- Original ------------------ > From: "Andrew Bartlett"<[email protected]>; > Date: Tue, May 28, 2013 10:50 AM > To: "Tide"<[email protected]>; > Cc: "samba"<[email protected]>; > Subject: Re: [Samba] userAccountControl can't be set to 0x800002 > (8388610,UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED):"samldb: Unrecognized > account type" > > > On Tue, 2013-05-28 at 10:32 +0800, Tide wrote: > > We have a third party mail system which can write/read accounts to/from AD > > using ldaps protocol, it works fine with active directory of windows server > > 2003. > > > > When I test the mail system with samba4 DC, I can't disable user from the > > mail system, because the mail system write 0x800002 > > (8388610,UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED) to userAccountControl > > field of AD/samba4, and samldb returns "Unrecognized account type" error. > > > > Is this expected behaviour or a possible bug? > > > > # test from command line > > ldbedit --show-binary -H /usr/local/samba/private/sam.ldb > > sAMAccountName=YOUR_ACCOUNT userAccountControl > > # then change userAccountControl to 8388610, save, quit editor > > If it works against Windows and doesn't work against Samba, it's a bug. > We need to know what the value becomes after you do this against > windows, then then we need the tests updated to cover this case. > > Presumably the UF_NORMAL_ACCOUNT flag is implied. > > Once that's done, it shouldn't be too hard to also imply it. > > Any chance you can look into this for us? > > Thanks, > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
