[s4] Passwords work

Matthias Dieter Wallnöfer mdw at samba.org
Sun Apr 11 02:20:42 MDT 2010

abartlet, you should now be able to try it out. It should pass "make test" (also the RPC password changes) since I added the third control as you suggested.


--- Andrew Bartlett <abartlet at samba.org> schrieb am Mi, 24.3.2010:

Von: Andrew Bartlett <abartlet at samba.org>
Betreff: Re: [s4] Passwords work
An: "Matthias Dieter Wallnöfer" <mdw at samba.org>
CC: "Andrew Tridgell" <tridge at samba.org>, samba-technical at samba.org
Datum: Mittwoch, 24. März, 2010 09:29 Uhr

On Sun, 2010-02-21 at 23:04 +0100, Matthias Dieter Wallnöfer wrote:
> In my personal repo under the "passwords" branch I finally completed the 
> work regarding the LDAP password handling for s4.
> I spoke already once to abartlet and he gave me some suggestions which I 
> implemented (eg the additional controls - one for returning password 
> policy information, one for allowing password changes/sets only through 
> hashes - which bypasses some checks). In addition I have finished a 
> python test suite (passwords.py) which shows the password handling 
> capabilities directly over LDAP (indirectly we have it already through 
> the SAMR password tests).
> I tried to match the LDAP result codes of Windows as much as possible. I 
> was stuck to run the my test script against Windows since it requires a 
> LDAPS over SSL connection and I didn't know how to get this working on 
> s4 as a client. So I generated analogous test requests with an LDAP 
> client on the server (where I managed to prepare and install the 
> certificate) and compared the results.

I've pushed changes that allow the NTLM encryption of LDAP connections
to windows to finally work. 

If you could proceed with the modifications to your python script to use
encryption (that I posted earlier), and verify that your tests pass
against Windows, then we can proceed to a final review and merge of your

I'm sorry this took so long,

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. 

More information about the samba-technical mailing list