[cifs-protocol] [REG:110101173790653] MS-SAMR 3.1.1.8.1 objectClass; UF_PASSWD_NOT_REQD when objects using UF_WORKSTATION_TRUST_ACCOUNT are created

Tue Oct 12 10:08:46 MDT 2010

[Hongwei to bcc]

Hi Matthias,

Bill Wesse (copied) is working on this for you.  I see that he already contacted you.

Bill, please see Matthias' additional information below.

B.

-----Original Message-----
From: Matthias Dieter Wallnöfer [mailto:mdw at samba.org] 
Sent: Monday, October 11, 2010 11:22 PM
To: Bryan Burgin; Hongwei Sun
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: Re: [REG:110101173790653] MS-SAMR 3.1.1.8.1 objectClass; UF_PASSWD_NOT_REQD when objects using UF_WORKSTATION_TRUST_ACCOUNT are created

Hi Hongwei and Bryan,

I've discovered this by creating computer objects through an LDAP add with only the UF_WORKSTATION_TRUST_ACCOUNT flag specified. Code taken from ldap.py:
>         ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + 
> self.base_dn,
>             "objectClass": "computer",
>             "cn": "LDAPtest2COMPUTER",
>             "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
>             "displayname": "ldap testy"})
Assertion code:
>         res =
> ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
...
>         self.assertEquals(int(res[0]["sAMAccountType"][0]),
> ATYPE_WORKSTATION_TRUST)
>         self.assertEquals(int(res[0]["userAccountControl"][0]),
> UF_WORKSTATION_TRUST_ACCOUNT)
But this is contrary to MS-SAMR 3.1.1.8.1:

Under subitem 1.5 is written that also UF_PASSWD_NOT_REQD is appended if WORKSTATION_TRUST_ACCOUNTs are created. But this obviously isn't done in our ldap.py testcase.

Greets,
Matthias Wallnöfer

Bryan Burgin wrote:
> [Changing case title to reflect new case number] [Changing title]
>
> Matthias,
>
> I created a new case for this issue: SR 110101173790653.  Also, please respond to Hongwei's question below ("could you give a little more description about the blackbox test which reproduces the behavior?")?  Once we receive that information, someone from the team will follow-up with you.
>
> Thanks.
>
> Bryan
>
>
> -----Original Message-----
> From: Hongwei Sun
> Sent: Monday, October 11, 2010 1:35 PM
> To: Matthias Dieter Wallnöfer
> Cc: cifs-protocol at samba.org; Bryan Burgin
> Subject: RE: [REG:110091558099846] RE: Incompleteness in MS-SAMR 
> section 3.1.1.8.1 objectClass
>
> Matthias,
>
>     This seems a new issue even it is in the same section of the document.   We will create a new case to keep track it.   If there is a new issue in our communication in the future , please also copy docHelp, which is monitored by our team,  so it will not be missed in case I am out of office or so.
>
>     As of this issue, could you give a little more description about the blackbox test which reproduces the behavior ?
>
> Thanks!
>
> Hongwei
>
> -----Original Message-----
> From: Matthias Dieter Wallnöfer [mailto:mdw at samba.org]
> Sent: Monday, October 11, 2010 11:29 AM
> To: Hongwei Sun
> Cc: cifs-protocol at samba.org; MSSolve Case Email
> Subject: Re: [REG:110091558099846] RE: Incompleteness in MS-SAMR 
> section 3.1.1.8.1 objectClass
>
> Hongwei,
>
> I think I've found another issue: always MS-SAMR 3.1.1.8.1 "objectClass"
> trigger - this time item 1.5.
>
> Windows doesn't seem to add always UF_PASSWD_NOT_REQD when objects using UF_WORKSTATION_TRUST_ACCOUNT are created. We've a blackbox test which reproduces this. Probably there is some explaination missing; that means under which cases PASSWD_NOT_REQD is added.
>
> Greets,
> Matthias
>
>
>    