[Samba] Prevent password change from command line
Rowland Penny
rpenny at samba.org
Tue Jan 16 15:41:37 UTC 2018
On Tue, 16 Jan 2018 16:21:31 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Arnaud FLORENT via samba
> In chel di` si favelave...
>
> > the UserAccountControl flag "PASSWD_CANT_CHANGE" can not be set via
> > ldap
>
> No, it is not true. You have 'simply'' to OR 0x00010000
> userAccountControl attribute, eg:
>
> userAccountControl = userAccountControl || 0x00010000
>
> look at:
>
> https://msdn.microsoft.com/en-us/library/ms680832
>
You cannot stop the user from changing their password by setting
userAccountControl, you need to deny them permission to their object in
AD.
Rowland
More information about the samba
mailing list