[cifs-protocol] [REG:113103010905266] Behaviour of UF_LOCKOUT compared with UF_PASSWORD_EXPIRED

Edgar Olougouna edgaro at microsoft.com
Fri Nov 1 09:13:18 MDT 2013

For your convenience, I have uploaded the TTT utility on the workspace.
As usual, from an elevated command prompt:
tttracer -intialize
tttracer -dumpFull -attach <PID of lsass>
Repro the issue
Un-check the dialog box "Tracing On".

Send me the traces as soon as you get a chance.
FYI, I am not allowed to access your source code.


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Friday, November 01, 2013 1:20 AM
To: Edgar Olougouna
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: Re: [REG:113103010905266] Behaviour of UF_LOCKOUT compared with UF_PASSWORD_EXPIRED

On Fri, 2013-11-01 at 02:08 +0000, Edgar Olougouna wrote:
> Andrew,
> Can you provide the network captures as well as TTT traces of lsass.exe?
> What are the exact scenarios in your test cases where you observed STATUS_ACCOUNT_LOCKED_OUT whereby the UF_LOCKOUT flag is not set but UF_PASSWORD_EXPIRED is set?
> Did the password expire first before you receive the error, or was the account locked before the password expired?
> What are the SAMR methods being called? 
> Did you test LDAP as well?

The tests I have don't do LDAP for this, so it's just SAMR.  I've not verified the semantics on PASSWORD_EXPIRED, but AUTOCLOCK does not show up even when SamLogon shows STATUS_ACCOUNT_LOCKED_OUT.

All this is demonstrated by the smbtorture rpc.samr.passwords.lockout test.  See source4/torture/rpc/samr.c line 4189 in git master.


I expect I'll have to wait until I'm back at work next week for a TTT trace.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the cifs-protocol mailing list