[cifs-protocol] [REG:113103010905266] Behaviour of UF_LOCKOUT compared with UF_PASSWORD_EXPIRED
Andrew Bartlett
abartlet at samba.org
Fri Nov 1 00:20:02 MDT 2013
On Fri, 2013-11-01 at 02:08 +0000, Edgar Olougouna wrote:
> Andrew,
> Can you provide the network captures as well as TTT traces of lsass.exe?
> What are the exact scenarios in your test cases where you observed STATUS_ACCOUNT_LOCKED_OUT whereby the UF_LOCKOUT flag is not set but UF_PASSWORD_EXPIRED is set?
> Did the password expire first before you receive the error, or was the account locked before the password expired?
> What are the SAMR methods being called?
> Did you test LDAP as well?
The tests I have don't do LDAP for this, so it's just SAMR. I've not
verified the semantics on PASSWORD_EXPIRED, but AUTOCLOCK does not show
up even when SamLogon shows STATUS_ACCOUNT_LOCKED_OUT.
All this is demonstrated by the smbtorture rpc.samr.passwords.lockout
test. See source4/torture/rpc/samr.c line 4189 in git master.
https://git.samba.org/?p=samba.git;a=blob;f=source4/torture/rpc/samr.c;h=a06529348e518fd9771bf2b0450fe86114b77cc8;hb=HEAD#l4189
I expect I'll have to wait until I'm back at work next week for a TTT
trace.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the cifs-protocol
mailing list