[Case number in subject] [Casemail to cc] [Dochelp to bcc] Hi Andrew,
Thank you for your request. The case number 2404240040010190 has been created for this inquiry. One of our team members will follow up with you soon. Best regards, Mike Bowen Sr. Escalation Engineer - Microsoft® Corporation ________________________________ From: Andrew Bartlett <abart...@samba.org> Sent: Tuesday, April 23, 2024 5:52 PM To: Interoperability Documentation Help <doch...@microsoft.com> Cc: cifs-protocol mailing list <cifs-protocol@lists.samba.org> Subject: [EXTERNAL] Protocol documentation for automatic rollover of expired passwords with UF_SMARTCARD_REQUIRED Kia Ora Dochelp! I'm looking for any documentation as to the finer details of DCs can support automatic rolling of the NTLM and other password-based secrets on a user account configured to require PKI authentication. This configuration is also known as "Smart card required for interactive logon" from https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels#windows-server-2016-domain-functional-level-features I don't see any mention of this in MS-ADPS, but am not sure where next to check. In particular, while I have reproduced the rollover for 'must change now', I'm wondering when the password otherwise rolls over, is it before the expiry (eg with the 'old password allowed time' grace of 60mins for example, or at the expiry? Thanks, Andrew Bartlett
_______________________________________________ cifs-protocol mailing list cifs-protocol@lists.samba.org https://lists.samba.org/mailman/listinfo/cifs-protocol
