[Samba] userAccountControl can't be set to 0x800002 (8388610, UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED):"samldb: Unrecognized account type"

Andrew Bartlett abartlet at samba.org
Mon May 27 20:50:05 MDT 2013

On Tue, 2013-05-28 at 10:32 +0800, Tide wrote:
> We have a third party mail system which can write/read accounts to/from AD using ldaps protocol, it works fine with active directory of windows server 2003.
> When I test the mail system with samba4 DC, I can't disable user from the mail system, because the mail system write 0x800002 (8388610,UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED) to userAccountControl field of AD/samba4, and samldb returns "Unrecognized account type" error.
> Is this expected behaviour or a possible bug?
> # test from command line
> ldbedit --show-binary -H /usr/local/samba/private/sam.ldb sAMAccountName=YOUR_ACCOUNT userAccountControl
> # then change userAccountControl to 8388610, save, quit editor

If it works against Windows and doesn't work against Samba, it's a bug.
We need to know what the value becomes after you do this against
windows, then then we need the tests updated to cover this case.  

Presumably the UF_NORMAL_ACCOUNT flag is implied.

Once that's done, it shouldn't be too hard to also imply it.

Any chance you can look into this for us?  


Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list