Displaying 4 results from an estimated 4 matches for "ads_uf_normal_account".
2017 Oct 20
2
Some hint reading password expiration data...
In my current ''production'' NT-like domain (samba 4.2, OpenLDAP
backend), password policies seem to ''get written'' to user data.
E.g., if I set:
pdbedit -P "maximum password age" -C 7776000
and I change my password, 'Password must change' has a meaningful value,
e.g. 90 days more than the last password change:
root@armitage:~# pdbedit -v
2017 Oct 23
0
Some hint reading password expiration data...
...s with 'never'.
Also, if I look at 'userAccountControl' I found 512 as a value:
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'DC=ad,DC=fvg,DC=lnf,DC=it' '(cn=gaio)' | grep '^userAccountControl:' | cut -d ' ' -f 2
512
so 0x200 (ADS_UF_NORMAL_ACCOUNT as stated by
https://msdn.microsoft.com/en-us/library/ms680832(v=vs.85).aspx).
If I disable it:
root@vdcsv1:~# pdbedit --account-control="[D]" gaio
[...]
Account Flags: [DU ]
[...]
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'DC=ad,DC=fvg,D...
2017 Oct 23
3
Some hint reading password expiration data...
...; Also, if I look at 'userAccountControl' I found 512 as a value:
> root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'DC=ad,DC=fvg,DC=lnf,DC=it' '(cn=gaio)' | grep '^userAccountControl:' | cut -d ' ' -f 2
> 512
>
> so 0x200 (ADS_UF_NORMAL_ACCOUNT as stated by
> https://msdn.microsoft.com/en-us/library/ms680832(v=vs.85).aspx).
>
> If I disable it:
> root@vdcsv1:~# pdbedit --account-control="[D]" gaio
> [...]
> Account Flags: [DU ]
> [...]
> root@vdcsv1:~# ldbsearch -H /var/lib/samb...
2004 Aug 20
0
Creating domain users in AD from Linux
...it to work (we couldn't).
For the cleartext2unicodepwd script, see below.
Last thing, userAccountControl. This attribute is a mask with the
following possible values:
ADS_UF_ACCOUNTDISABLE = 0x0002 Disable user account
ADS_UF_PASSWD_NOTREQD = 0x0020 No password is required
ADS_UF_NORMAL_ACCOUNT = 0x0200 Typical user account
The previously created user got a value of `546' (i.e. 0x0222). I set
it to `512' (0x0200):
$ cat >uac.ldif
dn: CN=foobar,CN=Users,DC=yoursite,DC=com
changetype: modify
replace: userAccountControl
userAccountControl: 512
...ldapmod...