modification of userAccountControl according to MS-SAMR 3.1.1.8.1.

Kamen Mazdrashki kamenim at samba.org
Thu Jan 13 15:52:39 MST 2011


On Thu, Jan 13, 2011 at 22:14, Andrew Bartlett <abartlet at samba.org> wrote:
> On Thu, 2011-01-13 at 19:46 +0200, Kamen Mazdrashki wrote:
>> >
>> > Is this based just on a reading of the docs, or a specific test?  If
>> > it's a test, can you give some more detail on what you have tested?
>> >
>> This is based on what we were observing while testing our internal tool.
>> Account created is disabled on Samba, but not disabled on w2k3-r2.
>>
>> ----------------------------------------------------------------------------
>> I am writing here after testing it and it proves we have a bug in Samba.
>> I've used this simple record for creating a user record:
>>  {'dn': 'CN=test_736,CN=Users,DC=samba,DC=devel',
>>   'objectClass': 'user',
>>   'userAccountControl': '66080',
>>   'sAMAccountName': 'test_736'}
>>
>> Against w2k8-r2 after adding the record,  userAccountControl = '66080'
>> Against Samba4 after adding the record, userAccountControl = '66082'
>>
>> So I think Anatoliy's statement holds true and we have a bug.
>> I will work on Samba implementation to come up with a patch, if
>> Matthias is ok with this?
>
> I think part of the confusion comes from your approach in asking.
> Instead of asking for abstract permission to change some aspect of
> behaviour, ask instead if you can get review of a patch for a test and
> fix.  If we differ in behaviour against Windows, then it is a bug.
>
> Of course that review is still important, as often the simple fix isn't
> the right one, but this is best discussed in the context of a supplied
> patch (both of which really shouldn't take much longer than this e-mail
> exchange).
>
I see. We were quite excited yesterday so we rushed to announce the bug
rather than proposing a patch :)
Sorry for this confusion!

> BTW, watch out for the implications on MS-SAMR, which does need to set
> userAccountControl, but also needs the account still disabled when
> created.
>
Thanks for the hint!


-- 
CU,
Kamen Mazdrashki
Samba Team                                            http://samba.org
http://gitweb.samba.org/?p=kamenim/samba.git;a=summary
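
The two values reported in the thread differ in one bit. As an added example (not code from the thread or from Samba), the following decodes userAccountControl using the standard UF_* bit values and compares the requested value with what each server stored; the function names and the "enabled with PASSWD_NOTREQD" audit rule are assumptions made for illustration.

```python
from enum import IntFlag

class UAC(IntFlag):
    """userAccountControl bits as stored in the directory (UF_* values)."""
    SCRIPT = 0x1
    ACCOUNTDISABLE = 0x2
    HOMEDIR_REQUIRED = 0x8
    LOCKOUT = 0x10
    PASSWD_NOTREQD = 0x20
    PASSWD_CANT_CHANGE = 0x40
    ENCRYPTED_TEXT_PWD_ALLOWED = 0x80
    NORMAL_ACCOUNT = 0x200
    INTERDOMAIN_TRUST_ACCOUNT = 0x800
    WORKSTATION_TRUST_ACCOUNT = 0x1000
    SERVER_TRUST_ACCOUNT = 0x2000
    DONT_EXPIRE_PASSWORD = 0x10000
    SMARTCARD_REQUIRED = 0x40000
    TRUSTED_FOR_DELEGATION = 0x80000
    NOT_DELEGATED = 0x100000
    DONT_REQ_PREAUTH = 0x400000
    PASSWORD_EXPIRED = 0x800000

def decode(value):
    """Names of known bits set in value, plus any unknown remainder as hex."""
    names = [f.name for f in UAC if value & f.value]
    unknown = value & ~sum(f.value for f in UAC)
    return names + ([hex(unknown)] if unknown else [])

def compare(requested, stored):
    """Hypothetical audit helper: what the server changed, and the end state."""
    findings = []
    added, dropped = stored & ~requested, requested & ~stored
    if added:
        findings.append("server added: " + ",".join(decode(added)))
    if dropped:
        findings.append("server dropped: " + ",".join(decode(dropped)))
    enabled = not stored & UAC.ACCOUNTDISABLE
    if enabled and stored & UAC.PASSWD_NOTREQD:
        findings.append("enabled with PASSWD_NOTREQD")
    return findings

if __name__ == "__main__":
    requested = int("66080")  # value from the LDAP add quoted in the thread
    for server, stored in (("w2k8-r2", 66080), ("Samba4", 66082)):
        print(server, decode(stored), compare(requested, stored))
```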

