[cifs-protocol] Where is account lockout and password expiry described in the docs?

[Sebastian Canevari]

Hi Andrew,

I'll be helping you out with this request.

As soon as I have answers or questions I'll let you know.


Thanks and regards,

Sebastian


Sebastian Canevari | Escalation Engineer | US-CSS Developer Support Core (DSC) Protocol Team
P +1 469 775 7849 
One Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com

-----Original Message-----
From: cifs-protocol-bounces at cifs.org [mailto:cifs-protocol-bounces at cifs.org] On Behalf Of Andrew Bartlett
Sent: Wednesday, October 16, 2013 11:40 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: [cifs-protocol] Where is account lockout and password expiry described in the docs?

I've been looking for the formal documentation for account lockout and expiry handling.  There are no references that I can find in 

The only reference in MS-ADTS is in 6.1.5.4 PDC Emulator FSMO Role, which gives the clue that we need to forward all bad passwords to the PDC.  But that leaves a lot of questions, like what to do (what error to
give) if the PDC is offline. 

The only reference in MS-SAMR is to actual enforcement is in .1.5.14.5 Account Lockout Enforcement and Reset, but this is for password change. 

There is also MS-SAMR 3.1.5.13.7.1 SamValidateAuthentication but nothing I could find indicates how this fits in to the broader picture. 

MS-NRPC refers to this as passthough authentication, and MS-NLMP does not describe expiry or lockout at all.

Where can I find a clear description of how to implement account lockout (for bad passwords) and expiry?

Thanks,

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz


_______________________________________________
cifs-protocol mailing list
cifs-protocol at cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol