Re: [Samba] userAccountControl can't be set to 0x800002 (8388610, UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED):"samldb: Unrecognized account type"

Sun, 02 Jun 2013 17:30:09 -0700 

Hi Andrew,
please have a look at my "uac" branch - in particular to commit b357e9377c698a20989c339d1459ed00a342cf2b. 

Thanks,
Matthias

Andrew Bartlett schrieb:

Matthias,

Any chance you can look into this for me?

Thanks,

On Tue, 2013-05-28 at 15:56 +0800, Tide wrote:

the userAccountControl value becomes 0x202 (514) after 0x800002 was written to 
active directory of windows server 2003, so it looks like UF_NORMAL_ACCOUNT 
(0x200) is really implied.

---------------- Original ------------------
From:  "Andrew Bartlett"<[email protected]>;
Date:  Tue, May 28, 2013 10:50 AM
To:  "Tide"<[email protected]>;
Cc:  "samba"<[email protected]>;
Subject:  Re: [Samba] userAccountControl can't be set to 0x800002 
(8388610,UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED):"samldb: Unrecognized account 
type"


On Tue, 2013-05-28 at 10:32 +0800, Tide wrote:

We have a third party mail system which can write/read accounts to/from AD 
using ldaps protocol, it works fine with active directory of windows server 
2003.

When I test the mail system with samba4 DC, I can't disable user from the mail system, 
because the mail system write 0x800002 (8388610,UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED) 
to userAccountControl field of AD/samba4, and samldb returns "Unrecognized account 
type" error.

Is this expected behaviour or a possible bug?

# test from command line
ldbedit --show-binary -H /usr/local/samba/private/sam.ldb 
sAMAccountName=YOUR_ACCOUNT userAccountControl
# then change userAccountControl to 8388610, save, quit editor

If it works against Windows and doesn't work against Samba, it's a bug.
We need to know what the value becomes after you do this against
windows, then then we need the tests updated to cover this case.

Presumably the UF_NORMAL_ACCOUNT flag is implied.

Once that's done, it shouldn't be too hard to also imply it.

Any chance you can look into this for us?

Thanks,

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to