[Samba] Prevent password change from command line
Arnaud FLORENT
aflorent at iris-tech.fr
Tue Jan 16 15:54:17 UTC 2018
Le 16/01/2018 à 16:41, Rowland Penny via samba a écrit :
> On Tue, 16 Jan 2018 16:21:31 +0100
> Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
>> Mandi! Arnaud FLORENT via samba
>> In chel di` si favelave...
>>
>>> the UserAccountControl flag "PASSWD_CANT_CHANGE" can not be set via
>>> ldap
>> No, it is not true. You have 'simply'' to OR 0x00010000
>> userAccountControl attribute, eg:
>>
>> userAccountControl = userAccountControl || 0x00010000
0x00010000 is for DONT_EXPIRE_PASSWD
not for
>>
>> look at:
>>
>> https://msdn.microsoft.com/en-us/library/ms680832
>>
> You cannot stop the user from changing their password by setting
> userAccountControl, you need to deny them permission to their object in
> AD.
>
> Rowland
Thanx Rowland for your answer
any server command line tool can help me to edit object perm in AD
samba-tool dsacl set? what is --ssdl format?
--
Arnaud FLORENT
IRIS Technologies
phone: (33) 03 20 65 85 80
fax: (33) 03 20 65 85 81
mailto:aflorent at iris-tech.fr
More information about the samba
mailing list