[cifs-protocol] [REG:110101173790653] MS-SAMR 3.1.1.8.1 objectClass; UF_PASSWD_NOT_REQD when objects using UF_WORKSTATION_TRUST_ACCOUNT are created
Bryan Burgin
bburgin at microsoft.com
Tue Oct 12 10:08:46 MDT 2010
[Hongwei to bcc]
Hi Matthias,
Bill Wesse (copied) is working on this for you. I see that he already contacted you.
Bill, please see Matthias' additional information below.
B.
-----Original Message-----
From: Matthias Dieter Wallnöfer [mailto:mdw at samba.org]
Sent: Monday, October 11, 2010 11:22 PM
To: Bryan Burgin; Hongwei Sun
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: Re: [REG:110101173790653] MS-SAMR 3.1.1.8.1 objectClass; UF_PASSWD_NOT_REQD when objects using UF_WORKSTATION_TRUST_ACCOUNT are created
Hi Hongwei and Bryan,
I've discovered this by creating computer objects through an LDAP add with only the UF_WORKSTATION_TRUST_ACCOUNT flag specified. Code taken from ldap.py:
> ldb.add({"dn": "cn=ldaptest2computer,cn=computers," +
> self.base_dn,
> "objectClass": "computer",
> "cn": "LDAPtest2COMPUTER",
> "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
> "displayname": "ldap testy"})
Assertion code:
> res =
> ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
...
> self.assertEquals(int(res[0]["sAMAccountType"][0]),
> ATYPE_WORKSTATION_TRUST)
> self.assertEquals(int(res[0]["userAccountControl"][0]),
> UF_WORKSTATION_TRUST_ACCOUNT)
But this is contrary to MS-SAMR 3.1.1.8.1:
Under subitem 1.5 is written that also UF_PASSWD_NOT_REQD is appended if WORKSTATION_TRUST_ACCOUNTs are created. But this obviously isn't done in our ldap.py testcase.
Greets,
Matthias Wallnöfer
Bryan Burgin wrote:
> [Changing case title to reflect new case number] [Changing title]
>
> Matthias,
>
> I created a new case for this issue: SR 110101173790653. Also, please respond to Hongwei's question below ("could you give a little more description about the blackbox test which reproduces the behavior?")? Once we receive that information, someone from the team will follow-up with you.
>
> Thanks.
>
> Bryan
>
>
> -----Original Message-----
> From: Hongwei Sun
> Sent: Monday, October 11, 2010 1:35 PM
> To: Matthias Dieter Wallnöfer
> Cc: cifs-protocol at samba.org; Bryan Burgin
> Subject: RE: [REG:110091558099846] RE: Incompleteness in MS-SAMR
> section 3.1.1.8.1 objectClass
>
> Matthias,
>
> This seems a new issue even it is in the same section of the document. We will create a new case to keep track it. If there is a new issue in our communication in the future , please also copy docHelp, which is monitored by our team, so it will not be missed in case I am out of office or so.
>
> As of this issue, could you give a little more description about the blackbox test which reproduces the behavior ?
>
> Thanks!
>
> Hongwei
>
> -----Original Message-----
> From: Matthias Dieter Wallnöfer [mailto:mdw at samba.org]
> Sent: Monday, October 11, 2010 11:29 AM
> To: Hongwei Sun
> Cc: cifs-protocol at samba.org; MSSolve Case Email
> Subject: Re: [REG:110091558099846] RE: Incompleteness in MS-SAMR
> section 3.1.1.8.1 objectClass
>
> Hongwei,
>
> I think I've found another issue: always MS-SAMR 3.1.1.8.1 "objectClass"
> trigger - this time item 1.5.
>
> Windows doesn't seem to add always UF_PASSWD_NOT_REQD when objects using UF_WORKSTATION_TRUST_ACCOUNT are created. We've a blackbox test which reproduces this. Probably there is some explaination missing; that means under which cases PASSWD_NOT_REQD is added.
>
> Greets,
> Matthias
>
>
>
More information about the cifs-protocol
mailing list