[Samba] Samba3 joining W2k3 as member server
Andrew Bartlett
abartlet at samba.org
Sat Dec 29 01:13:16 MST 2012
On Sat, 2012-12-29 at 19:31 +1300, Pieter De Wit wrote:
> On 28/12/2012 10:45, Andrew Bartlett wrote:
> > On Fri, 2012-12-28 at 10:30 +1300, Pieter De Wit wrote:
> >> On 22/12/2012 14:56, Andrew Bartlett wrote:
> >>> On Sat, 2012-12-22 at 14:28 +1300, Pieter De Wit wrote:
> >>>> I stand corrected re the MS comment then. How do I get the userAccountControl?
> >>> userAccountControl is an ldap attribute, on the DC object. ldapsearch,
> >>> or a GUI LDAP browser (ldp.exe on windows is one) will be able to show
> >>> it.
> >>>
> >>> Andrew Bartlett
> >>>
> >> Hi Andrew,
> >>
> >> Finally got time to pull this:
> >>
> >> userAccountControl: 69632
> > This is 0x11000
> >
> > #define UF_WORKSTATION_TRUST_ACCOUNT 0x00001000
> > #define UF_DONT_EXPIRE_PASSWD 0x00010000
> >
> > If this remains an issue with current management tools, then I guess we
> > can raise a bug to see if we really, really need to set
> > UF_DONT_EXPIRE_PASSWD in that bitmask.
> >
> > Andrew Bartlett
> >
> Andrew,
>
> Is it worth setting the value to 0x1000 and see what the tools show
> before logging the bug ?
It would be a useful data point.
> What is the "correct" value for a Member Server ?
It just needs UF_WORKSTATION_TRUST_ACCOUNT
I've seen contradictory stuff about if workstation accounts can expire.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list