Improve badPwdCount, lastLogon and logonCount updates

Stefan Metzmacher metze at samba.org
Mon Jun 27 11:50:09 UTC 2016


Hi Andrew,

>>>>> here're some patches to improve the badPwdCount, lastLogon
>>>>> and logonCount updates.
>>>>>
>>>>> See
>>>>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-smart-base
>>>>> This is on top of
>>>>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-pwdlastset.
>>>>> I don't know if it would also apply independently...
>>>>>
>>>>> We may need to add some BUG: markers, but you can start the
>>>>> review...
>>>>
>>>> I've reviewed the bulk of these for pwdLastSet, and have started an
>>>> autobuild with them, except for the code to force specific
>>>> replPropertyMetaData values, which both didn't seem to be related and
>>>> broke the repl_move test.
>>>
>>> Can you be more specific about that? What did you skip? What did it
>>> break?
>>
>> Run 'make test TESTS=repl_move'
>>
>> The check for expected replPropertyMetaData values in particular.
>>
>>> It seems that the repl_move test is flakey, like other related ones.
>>
>> That is different, and both Garming and I have posted a patch for that
>> (the schema reload patch, both the HACK patch and a potential fix). I
>> intend to review Garming's rework of my schema patch tomorrow.
>>
>>>
>>>> Thanks for your patience.  I'm continuing my review of the rest of
>>>> master4-smart-tmp, which seems to be where the lastLogon and logonCount
>>>> patches are.
>>>
>>> I reordered the patchsets, while adding the BUG markers.
>>>
>>> It's now like this:
>>>
>>> master4-pwdlastset => master4-smart-ok => master4-smart-tmp
>>>                                        => master4-gpgme
>>>
>>> These are all ready from my side.
>>
>> Thanks.  Expect some of those to be in autobuild in the next few
>> days. 
> 
> Can you clarify exactly which tests you have run against what versions
> of Windows during these changes?  I'm not having success getting sam.py
> to run against my patched Windows 2012R2, nor password_lockout.py, and
> I'm not sure if this is a local issue or if the updates (Samba or
> windows) have broken something. 
> 
> I'm seeing a lot of:
> 
> LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <00002011:
> SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')

I also had this a lot, the thing is that minPwdLength is not "0".
But this is also a problem with a lot of the existing tests, that's
why I didn't dare to change it for all tests.

When I set minPwdLength = 0 on the server and install all updates on
Windows, the following works for me:

source4/dsdb/tests/python/sam.py w2012r2-188.w2012r2-l6.base -Uadministrator%A1b2C3d4 -W W2012R2-L6 --realm w2012r2-l6.base

source4/dsdb/tests/python/password_lockout.py w2012r2-188.w2012r2-l6.base -Uadministrator%A1b2C3d4 -W W2012R2-L6 --realm w2012r2-l6.base

source4/dsdb/tests/python/user_account_control.py w2012r2-188.w2012r2-l6.base -Uadministrator%A1b2C3d4 -W W2012R2-L6 --realm w2012r2-l6.base

metze
