[Samba] Winbind losing Trust with the AD domain
Pascal kolijn
p.kolijn at vu.nl
Mon Dec 10 04:54:13 MST 2012
Peace,
To answer my own question/post, I seem to have found the culprit. It
looks like it is indeed something very simple, and I could even blame it
on the AD ( more or less)...
:o)
The userAccountControl attribute is a structure that contains flags
pertaining to the user account: (See http://www.selfadsi.org
/ads-attributes/user-userAccountControl.htm)
As the AD guys on request set the attribute to 33554432 it was actually
set to 33554432+512 making the account a normal user UF_NORMAL_ACCOUNT
with the UF_NO_AUTH_DATA_REQUIRED flags set.
And that explains the lost of TRUST.
Solution:
The join used to set it to: 69632 (4096 (UF_WORKSTATION_TRUST_ACCOUNT) +
65536 (UF_DONT_EXPIRE_PASSWD))
So knowing all this: the value needs to be set to 33624064. The original
join value + the 33554432 (UF_NO_AUTH_DATA_REQUIRED).
Simple.
--
\\\//
( o o )
+-------------------------oooO--(_)--Oooo--------------------------+
| Pascal Kolijn "First Snow, Then Silence. |
| This Thousand Dollar Screen Dies |
| p.kolijn at vu.nl So Beautifully." |
| .oooO -- Error Messages in Haiku |
+--------------------------( )---Oooo.---------------------------+
\ ( ( )
UC IT - EC(L) \_) ) /
T:(020)(59)85385 (_/
http://www.vu.nl/e-maildisclaimer
More information about the samba
mailing list