Re: [Samba] userAccountControl can't be set to 0x800002 (8388610, UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED):"samldb: Unrecognized account type"

2013-06-04 Thread Tide
Yes, it fixed it, user can be disabled from mail system now (although it does
not save the same value as AD saved (0x800002 -> 0x202 in AD, 0x800002 ->
0x800202 in current patch)).

Thank you guys!

-- Original --
From:  "Andrew Bartlett";
Date:  Wed, Jun 5, 2013 07:34 AM
To:  "Matthias Dieter Wallnöfer"; "Tide"; 
Cc:  "samba"; 
"samba-technical"; 
Subject:  Re: [Samba] userAccountControl can't be set to 0x800002 
(8388610, UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED): "samldb: Unrecognized account 
type"


On Wed, 2013-05-29 at 22:23 +0200, Matthias Dieter Wallnöfer wrote:
> Hi Andrew,
> 
> please have a look at my "uac" branch - in particular to commit 
> b357e9377c698a20989c339d1459ed00a342cf2b.

Thanks, I'll autobuild those!

Tide,

Just to be doubly sure, can you confirm the attached patches fix your
issue?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
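
Added example (not part of the thread and not Samba's samldb code): a small decoder for the userAccountControl values discussed in this thread, showing that 8388610 carries no account-type bit and how implying UF_NORMAL_ACCOUNT gives the two stored values reported above. Flag names and values follow Microsoft's userAccountControl documentation (the thread spells two of them UF_ACCOUNTDISABLED and UF_PASSWORDEXPIRED); keep_password_expired is a hypothetical switch.

```python
# Added example; flag values per Microsoft's userAccountControl documentation.
UF_FLAGS = {
    0x00000002: "UF_ACCOUNTDISABLE",
    0x00000100: "UF_TEMP_DUPLICATE_ACCOUNT",
    0x00000200: "UF_NORMAL_ACCOUNT",
    0x00000800: "UF_INTERDOMAIN_TRUST_ACCOUNT",
    0x00001000: "UF_WORKSTATION_TRUST_ACCOUNT",
    0x00002000: "UF_SERVER_TRUST_ACCOUNT",
    0x00800000: "UF_PASSWORD_EXPIRED",
}
UF_ACCOUNTDISABLE = 0x00000002
UF_NORMAL_ACCOUNT = 0x00000200
UF_PASSWORD_EXPIRED = 0x00800000
# Bits that say what kind of account the object is.
ACCOUNT_TYPE_MASK = 0x100 | 0x200 | 0x800 | 0x1000 | 0x2000

def decode(uac):
    """Return the names of the set bits; unnamed bits are shown in hex."""
    names = []
    bit = 1
    while bit <= uac:
        if uac & bit:
            names.append(UF_FLAGS.get(bit, hex(bit)))
        bit <<= 1
    return names

def account_types(uac):
    """Account-type bits present; a well-formed value has exactly one."""
    return decode(uac & ACCOUNT_TYPE_MASK)

def normalize(uac, keep_password_expired=True):
    """Imply UF_NORMAL_ACCOUNT when the client sent no account-type bit.

    keep_password_expired (hypothetical): True gives the value reported for
    the patch, False the value reported for Windows Server 2003 AD.
    """
    if len(account_types(uac)) > 1:
        raise ValueError("conflicting account types: %s" % account_types(uac))
    if not uac & ACCOUNT_TYPE_MASK:
        uac |= UF_NORMAL_ACCOUNT
    if not keep_password_expired:
        uac &= ~UF_PASSWORD_EXPIRED
    return uac

if __name__ == "__main__":
    written = 8388610  # value the mail system writes in the thread
    print(hex(written), decode(written), "types:", account_types(written))
    for keep in (True, False):
        print(hex(normalize(written, keep)), decode(normalize(written, keep)))
```

In both stored forms UF_ACCOUNTDISABLE (0x2) is still set, so the account ends up disabled either way; the two results differ only in whether UF_PASSWORD_EXPIRED is kept.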

Re: [Samba] [samba4 dc ldap] LDAP_SERVER_FAST_BIND_OID is currently not supported?

2013-05-31 Thread Tide
Bug posted:
https://bugzilla.samba.org/show_bug.cgi?id=9919

Sorry, I can't make a patch, but I attached a Java client test file in it.
Sorry again, I don't know how to write it in the C language.

-- Original --
From:  "Andrew Bartlett";
Date:  Thu, May 30, 2013 01:42 PM
To:  "Tide"; 
Cc:  "samba"; 
Subject:  Re: [Samba] [samba4 dc ldap] LDAP_SERVER_FAST_BIND_OID is 
currently not supported?



On Wed, 2013-05-29 at 10:00 +, Tide wrote:
> I'm testing LDAP authentication against samba4 using fast bind connection
> control. I got the following java exception
> 
> javax.naming.NamingException: [LDAP: error code 1 - Operations Error]
> 
> 
> and got error message from samba
> 
> ldapsrv_do_call: Critical extension 1.2.840.113556.1.4.1781 is not known to
> this server
> 
> 
> Is fast bind control not yet supported? Any plan to support it?

It isn't currently supported, but shouldn't be too hard to add.  The
harder part is actually writing the tests; implementing the OID is
mostly a matter of skipping code, and listing it in our known OID list in
source4/libcli/ldap/ldap_controls.c.

Please file a bug, and if you like you could attempt a patch, or at
least help us write a testsuite. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org




[Samba] [samba4 dc ldap] LDAP_SERVER_FAST_BIND_OID is currently not supported?

2013-05-29 Thread Tide
I'm testing LDAP authentication against samba4 using fast bind connection
control. I got the following java exception

javax.naming.NamingException: [LDAP: error code 1 - Operations Error]


and got error message from samba

ldapsrv_do_call: Critical extension 1.2.840.113556.1.4.1781 is not known to
this server


Is fast bind control not yet supported? Any plan to support it?


related links:
JNDI, Active Directory and Authentication (part 5) (Fast Bind)
https://forums.oracle.com/forums/thread.jspa?threadID=1155584&tstart=0

LDAP_SERVER_FAST_BIND_OID
http://msdn.microsoft.com/en-us/library/aa366981.aspx




Re: [Samba] userAccountControl can't be set to 0x800002 (8388610, UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED):"samldb: Unrecognized account type"

2013-05-28 Thread Tide
The userAccountControl value becomes 0x202 (514) after 0x800002 was written to 
active directory of windows server 2003, so it looks like UF_NORMAL_ACCOUNT 
(0x200) is really implied.

-- Original --
From:  "Andrew Bartlett";
Date:  Tue, May 28, 2013 10:50 AM
To:  "Tide"; 
Cc:  "samba"; 
Subject:  Re: [Samba] userAccountControl can't be set to 0x800002 
(8388610, UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED): "samldb: Unrecognized account 
type"


On Tue, 2013-05-28 at 10:32 +0800, Tide wrote:
> We have a third party mail system which can write/read accounts to/from AD 
> using ldaps protocol, it works fine with active directory of windows server 
> 2003.
> 
> When I test the mail system with samba4 DC, I can't disable user from the 
> mail system, because the mail system writes 0x800002 
> (8388610, UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED) to userAccountControl field 
> of AD/samba4, and samldb returns "Unrecognized account type" error.
> 
> Is this expected behaviour or a possible bug?
> 
> # test from command line
> ldbedit --show-binary -H /usr/local/samba/private/sam.ldb sAMAccountName=YOUR_ACCOUNT userAccountControl
> # then change userAccountControl to 8388610, save, quit editor

If it works against Windows and doesn't work against Samba, it's a bug.
We need to know what the value becomes after you do this against
windows, then we need the tests updated to cover this case.  

Presumably the UF_NORMAL_ACCOUNT flag is implied.

Once that's done, it shouldn't be too hard to also imply it.

Any chance you can look into this for us?  

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org


[Samba] userAccountControl can't be set to 0x800002 (8388610, UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED):"samldb: Unrecognized account type"

2013-05-27 Thread Tide
We have a third party mail system which can write/read accounts to/from AD 
using ldaps protocol, it works fine with active directory of windows server 
2003.

When I test the mail system with samba4 DC, I can't disable user from the mail 
system, because the mail system writes 0x800002 (8388610, UF_ACCOUNTDISABLED | 
UF_PASSWORDEXPIRED) to userAccountControl field of AD/samba4, and samldb 
returns "Unrecognized account type" error.

Is this expected behaviour or a possible bug?

# test from command line
ldbedit --show-binary -H /usr/local/samba/private/sam.ldb sAMAccountName=YOUR_ACCOUNT userAccountControl
# then change userAccountControl to 8388610, save, quit editor