samldb_user_account_control_change

Matthieu Patou mat at samba.org
Sat May 21 05:02:49 MDT 2011


On 19/05/2011 19:50, Matthias Dieter Wallnöfer wrote:
> Hi ekacnet,
>
> regarding 
> http://git.samba.org/?p=mat/samba.git;a=commitdiff;h=3cfdedd9d6a4be8f229d0030900f808289effe29: 
> please don't sort out these things since the plan is to end up in 
> common LDB add and modify triggers code at some point.
>
Ok didn't know it, looked like some leftover, but it's more a start ...
> Second question: is the sam.py code still passing with your second 
> change?
>
Not quite, I changed the code to just not change the primaryGroupID 
if you are a user because, in this case, you can't get the flags
UF_SERVER_TRUST_ACCOUNT or UF_WORKSTATION_TRUST_ACCOUNT that determine 
that you are a workstation or a (RO)DC and have an influence on your group.

In other cases it's authorized, as you will change group if you get the 
flag UF_SERVER_TRUST_ACCOUNT.

I added a unit test as well.

I guess it's pretty good now at:
http://git.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/miscsamdb

Any comments?

Matthieu.

> Cheers,
> Matthias
>
> Matthieu Patou wrote:
>> Hello Matthias,
>>
>> I faced some strange behavior with net setpassword and I'm pretty 
>> sure that it's linked to samldb_user_account_control_change.
>>
>> Are you sure that this function should be called on modify? At least 
>> I'm sure that primaryGroupID should not be set.
>>
>> I made a try with a user with primaryGroupID set to 513, I locked the 
>> user, when I unlock the user, Windows XP sends to a W2k8R2 DC a 
>> modify on userAccountControl but this didn't imply modifying the 
>> primaryGroupID.
>>
>> I have the feeling that the group calculation should be done only on 
>> add not on modify.
>>
>> So I pushed 2 patches here:
>>
>> http://git.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/miscsamdb
>>
>> Matthieu.
>>
>


-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary
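
The rule described in this thread (derive primaryGroupID from the account-type flags on add, leave a user's group alone on modify, follow the trust-account flag otherwise), as an added C sketch that is not part of the thread and not Samba's samldb code. The helper names and RID 1105 are hypothetical, and applying the modify rule to UF_WORKSTATION_TRUST_ACCOUNT as well is an assumption; the UF_* values and RIDs 513/515/516 are the well-known Active Directory ones.

```c
#include <stdint.h>
#include <stdio.h>

/* userAccountControl account-type bits (well-known Active Directory values). */
#define UF_NORMAL_ACCOUNT             0x00000200u
#define UF_WORKSTATION_TRUST_ACCOUNT  0x00001000u
#define UF_SERVER_TRUST_ACCOUNT       0x00002000u

/* Well-known RIDs used as default primaryGroupID values. */
#define RID_DOMAIN_USERS      513u
#define RID_DOMAIN_COMPUTERS  515u
#define RID_DOMAIN_DCS        516u

/* Default primary group implied by the account-type bits; 0 if none is set. */
static uint32_t default_primary_group(uint32_t uac)
{
	if (uac & UF_SERVER_TRUST_ACCOUNT)      return RID_DOMAIN_DCS;
	if (uac & UF_WORKSTATION_TRUST_ACCOUNT) return RID_DOMAIN_COMPUTERS;
	if (uac & UF_NORMAL_ACCOUNT)            return RID_DOMAIN_USERS;
	return 0;
}

/* Hypothetical helper: primaryGroupID to store after userAccountControl is
 * written. is_add != 0 models an LDAP add, 0 models a modify. */
static uint32_t primary_group_after_uac_change(int is_add, uint32_t new_uac,
                                               uint32_t current_rid)
{
	uint32_t def = default_primary_group(new_uac);

	if (is_add)
		return def;          /* add: always derive the group from the flags */
	if (def == 0 || def == RID_DOMAIN_USERS)
		return current_rid;  /* modify on a plain user: leave the group alone */
	return def;                  /* modify to a trust account: follow the flag */
}

int main(void)
{
	/* Constructed case: a user whose primary group is RID 1105 gets unlocked. */
	uint32_t rid = primary_group_after_uac_change(0, UF_NORMAL_ACCOUNT, 1105u);
	printf("unlock user:   primaryGroupID=%u\n", (unsigned)rid);

	/* Constructed case: a workstation account receives UF_SERVER_TRUST_ACCOUNT. */
	rid = primary_group_after_uac_change(0, UF_SERVER_TRUST_ACCOUNT,
	                                     RID_DOMAIN_COMPUTERS);
	printf("promote to DC: primaryGroupID=%u\n", (unsigned)rid);
	return 0;
}
```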