Hello,
I receive the following warning in my logs
Account [HP48-PFD$] is disabled
[2016/10/28 14:40:36.973803, 1, pid=1272, effective(0, 0), real(0, 0)]
../source4/rpc_server/netlogon/dcerpc_netlogon.c:382(dcesrv_netr_ServerAuthenticate3)
It appears user accounts behave differently then computer accounts when
disabled. If I disable a user account via. ADUC, the user is not
permitted to log in. If I do the same for a computer account, any user
can still login from that workstation. Are there cached credentials I'm
not taking into account that is permitting this? Thanks.
--
- James
Andrew Bartlett
2016-Oct-29 09:38 UTC
[Samba] Disabled account can still connect to domain
On Fri, 2016-10-28 at 15:15 -0400, lingpanda101 via samba wrote:> Hello, > > I receive the following warning in my logs > > Account [HP48-PFD$] is disabled > > [2016/10/28 14:40:36.973803, 1, pid=1272, effective(0, 0), real(0, > 0)] > ../source4/rpc_server/netlogon/dcerpc_netlogon.c:382(dcesrv_netr_Serv > erAuthenticate3) > > > It appears user accounts behave differently then computer accounts > when > disabled. If I disable a user account via. ADUC, the user is not > permitted to log in. If I do the same for a computer account, any > user > can still login from that workstation. Are there cached credentials > I'm > not taking into account that is permitting this? Thanks.Yes, user accounts are cached on the workstation. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Seemingly Similar Threads
- NAS connection problem to Samba DC
- [PATCH] Enable ConnectTimeout with ConnectionAttempts
- [PATCH] check for default subvolid and act accordingly on install
- [PATCH v3] virtio-rng: return available data with O_NONBLOCK
- [PATCH v3] virtio-rng: return available data with O_NONBLOCK