Good morning Andrew. Thanks for your question. I have created the below case for you on this matter; one of my colleagues or I will take ownership of this and contact you shortly.
SRX080905600018 [MS-ADTS] 2.2.15 ADS_UF_PASSWD_NOTREQD semantics Regards, Bill Wesse MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM 8055 Microsoft Way Charlotte, NC 28273 TEL: +1(980) 776-8200 CELL: +1(704) 661-5438 FAX: +1(704) 665-9606 -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2008 11:13 PM To: Interoperability Documentation Help Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Meaning of ACB_PWNOTREQ / UF_PASSWD_NOTREQD In Samba4, we map the userAccountControl flag UF_PASSWD_NOTREQD to the SAMR flag ACB_PWNOTREQ, and we use this to indicate 'no password (or any password) required for this account'. That is, when this flag is set, and NULL passwords are permitted (as a global setting 'null passwords = yes' in the smb.conf), we allow any password to operate/log in to the marked account. However, I'm not sure if this is the meaning Microsoft assigns to this flag. Could you please clarify AD's behaviour in the situation where this flag is set on an user account? If this is not the correct way to handle 'no password required for logon', Is there another way to indicate this? Thanks, (I want to get this right, or else migrations from Windows domains might open a security hole) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol