[cifs-protocol] Meaning of ACB_PWNOTREQ / UF_PASSWD_NOTREQD

Andrew Bartlett abartlet at samba.org
Fri Sep 5 03:12:47 GMT 2008

In Samba4, we map the userAccountControl flag UF_PASSWD_NOTREQD to the
SAMR flag ACB_PWNOTREQ, and we use this to indicate 'no password (or any
password) required for this account'.  

That is, when this flag is set, and NULL passwords are permitted (as a
global setting 'null passwords = yes' in the smb.conf), we allow any
password to operate/log in to the marked account. 

However, I'm not sure if this is the meaning Microsoft assigns to this
flag.  Could you please clarify AD's behaviour in the situation where
this flag is set on an user account?

If this is not the correct way to handle 'no password required for
logon', Is there another way to indicate this?


(I want to get this right, or else migrations from Windows domains might
open a security hole)

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080905/5dcf3408/attachment.bin

More information about the cifs-protocol mailing list