[cifs-protocol] [REG:113103010905266] Behaviour of UF_LOCKOUT compared with UF_PASSWORD_EXPIRED
Andrew Bartlett
abartlet at samba.org
Wed Nov 20 21:17:38 MST 2013
On Thu, 2013-11-21 at 04:12 +0000, Edgar Olougouna wrote:
> Andrew,
> Debugging NetrLogonSamLogonEx in a pass-through scenario between Windows with STATUS_ACCOUNT_LOCKED_OUT, I observed that both (account_locked_out, password_expired) bits are set in the routine that computes user account control bits. account_locked_out is set provided we are within lockout duration, otherwise the account and status will not be locked out.
> In my testing, LogonLevel = NetlogonNetworkTransitiveInformation (0n6) and ValidationLevel = NetlogonValidationSamInfo4 (0n6).
> Assuming this does not exhibit the behavior you experimented, I would need a debug a TTT trace taken from your repro environment.
> Would you be able to have some spare cycles and collect repro traces in the near future so we can conclude on this?
Yes, I expect to do so soon. The case where I saw this was not on
SamLogon, but directly over SAMR.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
More information about the cifs-protocol
mailing list