
Re: [Samba] Prevent password change from command line






On 16/01/2018 at 16:41, Rowland Penny via samba wrote:
On Tue, 16 Jan 2018 16:21:31 +0100
Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx> wrote:

Mandi! Arnaud FLORENT via samba
   In chel di` si favelave...

the UserAccountControl flag "PASSWD_CANT_CHANGE" can not be set via
ldap
No, it is not true. You have 'simply' to OR 0x00010000 into the
userAccountControl attribute, e.g.:

	userAccountControl = userAccountControl | 0x00010000

0x00010000 is for DONT_EXPIRE_PASSWD
not for


look at:

	https://msdn.microsoft.com/en-us/library/ms680832

You cannot stop the user from changing their password by setting
userAccountControl, you need to deny them permission to their object in
AD.

Rowland

Thanks Rowland for your answer.

Can any server command line tool help me to edit object perm in AD?

samba-tool dsacl set? What is the --sddl format?


--
Arnaud FLORENT
IRIS Technologies

phone: (33) 03 20 65 85 80
fax: (33) 03 20 65 85 81

mailto:aflorent@xxxxxxxxxxxx
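
The thread leaves the SDDL question open, so here is an added example (not code from any of the posters or from the Samba project) that reads a DACL in SDDL form and reports whether "user cannot change password" is actually enforced, alongside the two userAccountControl bits that were confused above. It assumes Microsoft's documented values: the User-Change-Password extended-right GUID, the `OD`/`CR`/`PS`/`WD` SDDL tokens, and ACEs laid out as `(type;flags;rights;object_guid;inherit_guid;trustee)`; the sample descriptors are constructed.

```python
import re

# GUID of the User-Change-Password extended right in the AD schema.
CHANGE_PASSWORD = "ab721a53-1e2f-11d0-9819-00aa0040529b"
CONTROL_ACCESS = 0x100                      # ADS_RIGHT_DS_CONTROL_ACCESS ("CR" in SDDL)
SELF_AND_EVERYONE = {"PS", "WD"}            # SDDL aliases for SELF and Everyone
SID_ALIASES = {"S-1-5-10": "PS", "S-1-1-0": "WD"}
# The two userAccountControl bits named in the thread.
UAC = {0x0040: "PASSWD_CANT_CHANGE", 0x10000: "DONT_EXPIRE_PASSWD"}

def uac_names(value):
    """Names of the thread-relevant flags set in a userAccountControl value."""
    return [name for bit, name in UAC.items() if value & bit]

def has_control_access(rights):
    """True if an SDDL rights field (hex mask or two-letter tokens) includes CR."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & CONTROL_ACCESS)
    return "CR" in re.findall("..", rights)

def denied_change_password(sddl):
    """Trustees holding an object-deny (OD) ACE on User-Change-Password."""
    denied = set()
    for body in re.findall(r"\(([^()]*)\)", sddl):
        fields = body.split(";")
        if len(fields) != 6:
            continue                        # not a plain six-field ACE
        ace_type, _flags, rights, guid, _inherit, trustee = fields
        if (ace_type == "OD" and guid.lower() == CHANGE_PASSWORD
                and has_control_access(rights)):
            denied.add(SID_ALIASES.get(trustee, trustee))
    return denied

def user_cannot_change_password(sddl):
    """The restriction is in force when both SELF and Everyone are denied."""
    return SELF_AND_EVERYONE <= denied_change_password(sddl)

# Constructed sample descriptors (not taken from a real directory).
_TAIL = "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)"
DEFAULT_USER = "O:DAG:DAD:AI(OA;;CR;%s;;WD)(OA;;CR;%s;;PS)%s" % (
    CHANGE_PASSWORD, CHANGE_PASSWORD, _TAIL)
LOCKED_USER = "O:DAG:DAD:AI(OD;;CR;%s;;WD)(OD;;CR;%s;;PS)%s" % (
    CHANGE_PASSWORD, CHANGE_PASSWORD, _TAIL)

if __name__ == "__main__":
    print(uac_names(0x200 | 0x10000))       # OR-ing 0x10000 only sets DONT_EXPIRE_PASSWD
    print(user_cannot_change_password(DEFAULT_USER),
          user_cannot_change_password(LOCKED_USER))
```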

