[cifs-protocol] [REG:113103010905266] Behaviour of UF_LOCKOUT compared with UF_PASSWORD_EXPIRED
edgaro at microsoft.com
Wed Nov 20 21:12:25 MST 2013
Debugging NetrLogonSamLogonEx in a pass-through scenario between Windows with STATUS_ACCOUNT_LOCKED_OUT, I observed that both (account_locked_out, password_expired) bits are set in the routine that computes user account control bits. account_locked_out is set provided we are within lockout duration, otherwise the account and status will not be locked out.
In my testing, LogonLevel = NetlogonNetworkTransitiveInformation (0n6) and ValidationLevel = NetlogonValidationSamInfo4 (0n6).
Assuming this does not exhibit the behavior you experimented, I would need to debug a TTT trace taken from your repro environment.
Would you be able to have some spare cycles and collect repro traces in the near future so we can conclude on this?
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Wednesday, November 06, 2013 1:47 AM
To: Edgar Olougouna
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: Re: [REG:113103010905266] Behaviour of UF_LOCKOUT compared with UF_PASSWORD_EXPIRED
On Tue, 2013-11-05 at 22:43 +0000, Edgar Olougouna wrote:
> Just a quick ping to re-iterate the request for debugging traces.
> I will be happy to investigate and clarify the observed behavior.
If you can run the smbtorture command yourself, that would be great, but otherwise I'll try to get to it by the end of the week. I do apologise for being all hot and then cold on this; as you would understand, I've been swamped with other things.
For the moment I'm just masking the lockout flag back out in SAMR.
You might be amused to know I'm currently writing slides about our recent fun with Backup for an internal company talk, to show what great things we can do and challenges we face when doing interoperability work.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org