Displaying 4 results from an estimated 4 matches for "uf_server_trust_account".
2015 Jan 15
0
[Announce] Samba 4.1.16 and 4.0.24 Security Releases Available
...samba.org/samba/history/security.html
o CVE-2014-8143:
Samba's AD DC allows the administrator to delegate
creation of user or computer accounts to specific users or groups.
However, all released versions of Samba's AD DC did not implement the
additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the
userAccountControl attributes.
Changes:
========
o Andrew Bartlett <abartlet at samba.org>
* BUG 10993: CVE-2014-8143: dsdb-samldb: Check for extended access
rights before we allow changes to userAccountControl.
#######################################
Reporting...
2015 Jan 15
0
[Announce] Samba 4.1.16 and 4.0.24 Security Releases Available
...samba.org/samba/history/security.html
o CVE-2014-8143:
Samba's AD DC allows the administrator to delegate
creation of user or computer accounts to specific users or groups.
However, all released versions of Samba's AD DC did not implement the
additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the
userAccountControl attributes.
Changes:
========
o Andrew Bartlett <abartlet at samba.org>
* BUG 10993: CVE-2014-8143: dsdb-samldb: Check for extended access
rights before we allow changes to userAccountControl.
#######################################
Reporting...
2017 Oct 24
0
'check password script' and Join...
...machine
> password?
No.
/* Only non-trust accounts have restrictions (possibly this
test is the
* wrong way around, but we like to be restrictive if possible
*/
io->u.restrictions = !(io->u.userAccountControl
& (UF_INTERDOMAIN_TRUST_ACCOUNT |
UF_WORKSTATION_TRUST_ACCOUNT
| UF_SERVER_TRUST_ACCOUNT));
Later:
if (io->u.restrictions == 0) {
/* FIXME: Is this right? */
return LDB_SUCCESS;
}
The script won't be run for machine accounts.
> > Problem with using GPOs for password complexity, GPOs do not apply to
> > Samba DCs.
>
> Ok, i mean that: i can setup pas...
2017 Oct 24
3
'check password script' and Join...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> The password settings are related to the DC and by default you cannot
> set or change a password if it isn't complex enough
Ok.
>, you do not need to use an external script.
Ahem, someone out there need it. ;-)
This mean that, if i keep a 'check password script', i could also hit
some trubles on, eg,