[Samba] userAccountControl can't be set to 0x800002 (8388610, UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED):"samldb: Unrecognized account type"
Andrew Bartlett
abartlet at samba.org
Mon May 27 20:50:05 MDT 2013
On Tue, 2013-05-28 at 10:32 +0800, Tide wrote:
> We have a third party mail system which can write/read accounts to/from AD using ldaps protocol, it works fine with active directory of windows server 2003.
>
> When I test the mail system with samba4 DC, I can't disable user from the mail system, because the mail system write 0x800002 (8388610,UF_ACCOUNTDISABLED | UF_PASSWORDEXPIRED) to userAccountControl field of AD/samba4, and samldb returns "Unrecognized account type" error.
>
> Is this expected behaviour or a possible bug?
>
> # test from command line
> ldbedit --show-binary -H /usr/local/samba/private/sam.ldb sAMAccountName=YOUR_ACCOUNT userAccountControl
> # then change userAccountControl to 8388610, save, quit editor
If it works against Windows and doesn't work against Samba, it's a bug.
We need to know what the value becomes after you do this against
windows, then then we need the tests updated to cover this case.
Presumably the UF_NORMAL_ACCOUNT flag is implied.
Once that's done, it shouldn't be too hard to also imply it.
Any chance you can look into this for us?
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list