IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This includes user_principal_name and dns_domain_name.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We need to take care of extra sids in level 3 and 6!
And level 6 also includes user_principal_name and dns_domain_name.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is more generic and matches all other places.
As this is only used in the KDC it's not a real logic change.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The results differ depending on Kerberos or NTLMSSP usage
and the lockOutObservationWindow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is a complete copy of the code that's currently inline.
I'm doing this in multiple steps in order to keep the diff
in a reviewable state.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should first check if the error number is as expected and
then check for a specific WERROR in the error string.
We also add the full error string as msg to assertTrue(),
so we'll actually see it if the assertion is wrong.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This reduces the runtime of the test while still producing reliable results.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Non interactive logons doesn't trigger an update
unless the (effective) badPwdCount is not 0 and lockoutTime is 0.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Non interactive logons doesn't reset badPwdCount to 0
when the effective badPwdCount is already 0
(with (badPasswordTime + lockOutObservationWindows) < now).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We also don't need the separation of admincert.pem and admincertupn.pem
anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This matches the behavior of 'samba-tool user create' and 'samba-tool user password'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The logic is incomplete and the correct logic is already available
via the constructed "msDS-UserPasswordExpiryTimeComputed" attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The logic in samdb_result_force_password_change() is incomplete
and the correct logic is already available via the constructed
"msDS-UserPasswordExpiryTimeComputed" attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>