Displaying 3 results from an estimated 3 matches for "workstation_trust_account".
2009 Nov 05
1
Samba + Windows 2008 + Solaris + Native nss_ldap/gssapi - Possible?
...We have a network of Solaris 10 machines authenticating and doing name
lookups via a Windows 2008 (SP2) domain using the Solaris ldap client and
self/gssapi credentials. Each machine has a machine account that is
prepared via a script with the following attributes:
userAccountControl: 4263936 (WORKSTATION_TRUST_ACCOUNT |
DONT_EXPIRE_PASSWORD | DONT_REQ_PREAUTH)
msDS-SupportedEncryptionTypes: 23 (KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 |
KERB_ENCTYPE_RC4_HMAC_MD5 | KERB_ENCTYPE_DES_CBC_MD5 |
KERB_ENCTYPE_DES_CBC_CRC)
We would like to install a new Samba file server and have it play nicely
with this setup, using...
2015 Apr 09
2
New Samba4 AD - "Logon failure: user account restriction"
On 04/09/2015 01:21 PM, Rowland Penny wrote:
> On 09/04/15 18:03, John E.P. Hynes wrote:
>>
>> On 04/09/2015 11:31 AM, Rowland Penny wrote:
>>> On 09/04/15 16:19, John E.P. Hynes wrote:
>>>> Thanks Rowland, I'll check that out.
>>>>
>>>> The funny thing is though, this workstation is in a "test" environment
>>>>
2015 Apr 09
0
New Samba4 AD - "Logon failure: user account restriction"
...How do I edit these with samba-tool?
> 2) How the heck did they end up "wrong" like this right out of the box?
>
> Any ideas appreciated.
>
> -John
OK, my computer accounts all have this:
userAccountControl: 69632
Which is made up from:
65536 DONT_EXPIRE_PASSWORD
04096 WORKSTATION_TRUST_ACCOUNT
So you could try using ldbmodify on the samba DC to change this.
Create an ldif file, /tmp/computer
dn: CN=computername,CN=Computers,CN=Users,DC=example,DC=com
changetype: modify
replace: UserAccountControl
UserAccountControl: 69632
Don't forget to alter the top line to your settings.
Now...