search for: fuserpwdsupport

...over LDAP must be over an encrypted connection" > > To mitigate this, I set > `fAllowPasswordOperationsOverNonSecureConnection` (`dSHeuristic` 13): > > `root at addc-test:~# samba-tool forest directory_service dsheuristics > 0000000011001` > > Note that I also set fUserPwdSupport to 1, which I don't believe to > be needed (as I'm using `unicodePwd`, not `userPassword`), which > means TRUE according to > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: > > "If this character is neither &...

...o mitigate this, I set > >> `fAllowPasswordOperationsOverNonSecureConnection` (`dSHeuristic` > >> 13): > >> > >> `root at addc-test:~# samba-tool forest directory_service dsheuristics > >> 0000000011001` > >> > >> Note that I also set fUserPwdSupport to 1, which I don't believe to > >> be needed (as I'm using `unicodePwd`, not `userPassword`), which > >> means TRUE according to > >> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: > >> > &...

...rypted connection" >> >> To mitigate this, I set >> `fAllowPasswordOperationsOverNonSecureConnection` (`dSHeuristic` 13): >> >> `root at addc-test:~# samba-tool forest directory_service dsheuristics >> 0000000011001` >> >> Note that I also set fUserPwdSupport to 1, which I don't believe to >> be needed (as I'm using `unicodePwd`, not `userPassword`), which >> means TRUE according to >> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: >> >> "If this cha...

...;> >> `fAllowPasswordOperationsOverNonSecureConnection` (`dSHeuristic` >> >> 13): >> >> >> >> `root at addc-test:~# samba-tool forest directory_service dsheuristics >> >> 0000000011001` >> >> >> >> Note that I also set fUserPwdSupport to 1, which I don't believe to >> >> be needed (as I'm using `unicodePwd`, not `userPassword`), which >> >> means TRUE according to >> >> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: >>...

...ully- says: "Password modification over LDAP must be over an encrypted connection" To mitigate this, I set `fAllowPasswordOperationsOverNonSecureConnection` (`dSHeuristic` 13): `root at addc-test:~# samba-tool forest directory_service dsheuristics 0000000011001` Note that I also set fUserPwdSupport to 1, which I don't believe to be needed (as I'm using `unicodePwd`, not `userPassword`), which means TRUE according to https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: "If this character is neither "0" nor "...

...rying to change passwords on my Samba 4.7 AD via LDAP: ``` ldap_exop_passwd(): Passwd modify extended operation failed: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported ``` Is this feature (1.3.6.1.4.1.4203.1.11.1) still not supported? Also, I have tried setting dsHeuristics for iutem 9 (fUserPwdSupport) to 1 with: ``` samba-tool forest directory_service dsheuristics 000000001 ``` But there doesn't seem to be a way to get it to reset to "default value" (empty). Any ideas how I would do that? Thanks, Ben

On Mon, 28 Oct 2024 15:01:35 +0100 William David Edwards <wedwards at cyberfusion.nl> wrote: > > As mentioned before, I'm able to log in with a password set using > `userPassword` when `fUserPwdSupport` is enabled. > I have only been using Samba 4 for the last 12 years and I have never used the 'userPassword' attribute, I have only used the 'unicodePwd' attribute. I have a bash script to set a users password, but I was lead to believe that Samba was changed to match Microsoft...

...n seen on Active Directory DCs, and Samba has not had a patch for this contributed. We would welcome such a feature, but note it would need to be quite carefully implemented and tested to ensure it honours all the appropriate ACLs. > Also, I > have tried setting dsHeuristics for iutem 9 (fUserPwdSupport) to 1 > with: > > ``` > samba-tool forest directory_service dsheuristics 000000001 > ``` > > But there doesn't seem to be a way to get it to reset to "default > value" (empty). Any ideas how I would do that? All-zeros will be the default, but aside from want...

Rowland Penny via samba schreef op 2024-10-28 15:32: > On Mon, 28 Oct 2024 15:01:35 +0100 > William David Edwards <wedwards at cyberfusion.nl> wrote: >> >> As mentioned before, I'm able to log in with a password set using >> `userPassword` when `fUserPwdSupport` is enabled. >> > > I have only been using Samba 4 for the last 12 years and I have never > used the 'userPassword' attribute, I have only used the 'unicodePwd' > attribute. I have a bash script to set a users password, but I was lead > to believe that Samba w...

Op 27-10-2024 om 21:11 schreef William David Edwards: > Kees van Vloten schreef op 2024-10-27 20:45: >> Op 27-10-2024 om 19:58 schreef William David Edwards: >>> Kees van Vloten via samba schreef op 2024-10-27 15:37: >>>> Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: >>>>> On Sun, 27 Oct 2024 15:08:14 +0100 >>>>> William Edwards

...schreef op 2024-10-28 15:32: > >>> On Mon, 28 Oct 2024 15:01:35 +0100 > >>> William David Edwards <wedwards at cyberfusion.nl> wrote: > >>>> As mentioned before, I'm able to log in with a password set using > >>>> `userPassword` when `fUserPwdSupport` is enabled. > >>>> > >>> I have only been using Samba 4 for the last 12 years and I have > >>> never used the 'userPassword' attribute, I have only used the > >>> 'unicodePwd' attribute. I have a bash script to set a users > &gt...

...d Penny via samba schreef op 2024-10-28 15:32: > > On Mon, 28 Oct 2024 15:01:35 +0100 > > William David Edwards <wedwards at cyberfusion.nl> wrote: > >> > >> As mentioned before, I'm able to log in with a password set using > >> `userPassword` when `fUserPwdSupport` is enabled. > >> > > > > I have only been using Samba 4 for the last 12 years and I have > > never used the 'userPassword' attribute, I have only used the > > 'unicodePwd' attribute. I have a bash script to set a users > > password, but I wa...

...land Penny via samba schreef op 2024-10-28 15:32: >>> On Mon, 28 Oct 2024 15:01:35 +0100 >>> William David Edwards <wedwards at cyberfusion.nl> wrote: >>>> As mentioned before, I'm able to log in with a password set using >>>> `userPassword` when `fUserPwdSupport` is enabled. >>>> >>> I have only been using Samba 4 for the last 12 years and I have >>> never used the 'userPassword' attribute, I have only used the >>> 'unicodePwd' attribute. I have a bash script to set a users >>> password, but I...