search for: uf_interdomain_trust_account

...t > some trubles on, eg, workstation join or the renew of the machine > password? No. /* Only non-trust accounts have restrictions (possibly this test is the * wrong way around, but we like to be restrictive if possible */ io->u.restrictions = !(io->u.userAccountControl & (UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT | UF_SERVER_TRUST_ACCOUNT)); Later: if (io->u.restrictions == 0) { /* FIXME: Is this right? */ return LDB_SUCCESS; } The script won't be run for machine accounts. > > Problem with using GPOs for password complexity, GPOs do not apply to >...

...account named TRUSTING$ on ATENEOAD AD controller. Unfortunately neither: smbpasswd -i -a TRUSTING nor: net rpc trustdom add TRUSTING work. Error is: Failed to modify record CN=TRUSTING$,CN=Users,DC=ad,DC=EXAMPLE,DC=org: Failed to modify CN=TRUSTING$,CN=Users,DC=ad,DC=EXAMPLE,DC=org: Updating the UF_INTERDOMAIN_TRUST_ACCOUNT bit in userAccountControl is not permitted over LDAP. This bit is restricted to the LSA CreateTrustedDomain interface On the other hand, the following works: /opt/samba$ sudo ./bin/net rpc trust create otherdomainsid=S-1-5-21-3818863361-4285555769-2448187145 other_netbios_domain=TRUSTING otherdom...

Mandi! Rowland Penny via samba In chel di` si favelave... > The password settings are related to the DC and by default you cannot > set or change a password if it isn't complex enough Ok. >, you do not need to use an external script. Ahem, someone out there need it. ;-) This mean that, if i keep a 'check password script', i could also hit some trubles on, eg,