samldb_user_account_control_change
Matthias Dieter Wallnöfer
mdw at samba.org
Sat May 21 09:09:38 MDT 2011
ekacnet,
in general good work, I will push a slightly corrected version (I've
cleaned up a bit the test patch to comply with the other testcases).
Cheers,
Matthias
Matthieu Patou wrote:
> On 19/05/2011 19:50, Matthias Dieter Wallnöfer wrote:
>> Hi ekacnet,
>>
>> regarding
>> htp://git.samba.org/?p=mat/samba.git;a=commitdiff;h=3cfdedd9d6a4be8f229d0030900f808289effe29:
>> please don't sort out these things since the plan is to end up in
>> common LDB add and modify triggers code at some point.
>>
> Ok didn't know it, looked like some leftover, but it's more a start ...
>> Second question: is the sam.py code still passing with your second
>> change?
>>
> Not quite, I changed the code to just do not change the primaryGroupID
> if you are a user because, in this case you can't get the flags
> UF_SERVER_TRUST_ACCOUNT or UF_WORKSTATION_TRUST_ACCOUNT that determine
> that you are a workstation or a (RO)DC and have an influence on your
> group.
>
> In other case it's authorized as you will change group if you get the
> flag UF_SERVER_TRUST_ACCOUNT.
>
> I added a unit test as well.
>
> I guess it's pretty good now at:
> http://git.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/miscsamdb
>
> Any comments ?
>
> Matthieu.
>
>> Cheers,
>> Matthias
>>
>> Matthieu Patou wrote:
>>> Hello Mathias,
>>>
>>> I faced some strange behavior with net setpassword and I'm pretty
>>> sure that's it's linked to samldb_user_account_control_change.
>>>
>>> Are you sure that this function should be called on modify ? At
>>> least I'm sure that primaryGroupID should not be set.
>>>
>>> I made a try with a user with primaryGroupID set to 513, I locked
>>> the user, when I unlock the user, Windows XP sends to a W2k8R2 DC a
>>> modify on userAccountControl but this didn't imply modifying the
>>> primaryGroupID.
>>>
>>> I have the feeling that the group calculation should be done only on
>>> add not on modify.
>>>
>>> So I pushed 2 patches here:
>>>
>>> http://git.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/miscsamdb
>>>
>>> Matthieu.
>>>
>>
>
>
More information about the samba-technical
mailing list