search for: 33950617d2c5

...000000011001` > > Note that I also set fUserPwdSupport to 1, which I don't believe to > be needed (as I'm using `unicodePwd`, not `userPassword`), which > means TRUE according to > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: > > "If this character is neither "0" nor "2", then the fUserPwdSupport > heuristic is TRUE. If this character is "2", then the fUserPwdSupport > heuristic is FALSE. If this character is "0", then the > fUserPwdSupport heuristic is FAL...

...gt; >> Note that I also set fUserPwdSupport to 1, which I don't believe to >> be needed (as I'm using `unicodePwd`, not `userPassword`), which >> means TRUE according to >> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: >> >> "If this character is neither "0" nor "2", then the fUserPwdSupport >> heuristic is TRUE. If this character is "2", then the fUserPwdSupport >> heuristic is FALSE. If this character is "0", then the >> fUserPwdSuppor...

...password change via ldap? : >>>>> >>>>> samba-tool forest directory_service dsheuristics '000000001' >>>> >>>> According to >>>> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5, >>>> a dSHeuristic is required only for changing passwords over >>>> unencrypted LDAP >>>> (`fAllowPasswordOperationsOverNonSecureConnection`). >>> Above link talks about AD DS vs. AD LDS (where the latter refers to >>> ldap, unclear what t...

...ses (no need for a MITM to look at the payload). >>> > Did you enable password change via ldap? : > > samba-tool forest directory_service dsheuristics '000000001' According to https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5, a dSHeuristic is required only for changing passwords over unencrypted LDAP (`fAllowPasswordOperationsOverNonSecureConnection`). As mentioned, modifying `unicodePwd` does not work over LDAPS either in my specific case, so a heuristic should not be needed. Also, changing passwords the same way...

...ote that I also set fUserPwdSupport to 1, which I don't believe to > >> be needed (as I'm using `unicodePwd`, not `userPassword`), which > >> means TRUE according to > >> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: > >> > >> "If this character is neither "0" nor "2", then the fUserPwdSupport > >> heuristic is TRUE. If this character is "2", then the > >> fUserPwdSupport heuristic is FALSE. If this character is "0", then > &g...

...t;> Did you enable password change via ldap? : >>>> >>>> samba-tool forest directory_service dsheuristics '000000001' >>> >>> According to >>> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5, >>> a dSHeuristic is required only for changing passwords over >>> unencrypted LDAP (`fAllowPasswordOperationsOverNonSecureConnection`). >> Above link talks about AD DS vs. AD LDS (where the latter refers to >> ldap, unclear what the first is). At the same that lda...

...ook at the payload). >>>> >> Did you enable password change via ldap? : >> >> samba-tool forest directory_service dsheuristics '000000001' > > According to > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5, > a dSHeuristic is required only for changing passwords over unencrypted > LDAP (`fAllowPasswordOperationsOverNonSecureConnection`). Above link talks about AD DS vs. AD LDS (where the latter refers to ldap, unclear what the first is). At the same that ldap must be over ssl/tls, as is men...

...t;>> >>> Did you enable password change via ldap? : >>> >>> samba-tool forest directory_service dsheuristics '000000001' >> >> According to >> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5, >> a dSHeuristic is required only for changing passwords over unencrypted >> LDAP (`fAllowPasswordOperationsOverNonSecureConnection`). > Above link talks about AD DS vs. AD LDS (where the latter refers to > ldap, unclear what the first is). At the same that ldap must be over...

...lso set fUserPwdSupport to 1, which I don't believe to >> >> be needed (as I'm using `unicodePwd`, not `userPassword`), which >> >> means TRUE according to >> >> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: >> >> >> >> "If this character is neither "0" nor "2", then the fUserPwdSupport >> >> heuristic is TRUE. If this character is "2", then the >> >> fUserPwdSupport heuristic is FALSE. If this character is "0&quot...

Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: > On Sun, 27 Oct 2024 15:08:14 +0100 > William Edwards <wedwards at cyberfusion.nl> wrote: > >>> Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba >>> <samba at lists.samba.org> het volgende geschreven: >>> >>> ?On Sun, 27 Oct 2024 13:58:56 +0100 >>> William David Edwards

On Tue, 29 Oct 2024 10:57:38 +0100 Kees van Vloten via samba <samba at lists.samba.org> wrote: > > Op 29-10-2024 om 10:12 schreef Rowland Penny via samba: > > On Mon, 28 Oct 2024 17:48:53 +0100 > > William David Edwards via samba <samba at lists.samba.org> wrote: > > > >> Rowland Penny via samba schreef op 2024-10-28 15:32: > >>> On Mon,