mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
e40af276f8
When a user's password-hash is modified, we need the PSO settings for that user, so that any lockout settings get applied correctly. To do this, we query the msDS-ResultantPSO in the user search. Then, if a PSO applies to the user, we add in a extra search to retrieve the PSO's settings. Once the PSO search completes, we continue with the modify operation. In the event of error cases, I've tried to fallback to logging the problem and continuing with the default domain settings. However, unusual internal errors will still fail the operation. We can pass the PSO result into dsdb_update_bad_pwd_count(), which means the PSO's lockout-threshold and observation-window are now used. This is enough to get the remaining lockout tests passing. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> |
||
---|---|---|
.. | ||
dns | ||
encrypted_secrets | ||
getncchanges | ||
keytab | ||
netlogon | ||
ntlmv1-restrictions | ||
ntlmv2-restrictions | ||
password_hash_gpgme | ||
password_settings | ||
README | ||
replica_sync | ||
s3-lsa-server | ||
samba3.vfs.fruit | ||
smbclient-smb3 | ||
upn_handling |
# Files in this directory contain lists of regular expressions # matching the names of tests that are temporarily expected to fail. # # "make test" will not report failures for tests listed here and will consider # a successful run for any of these tests an error. # # Empty lines and lines begining with '#' are ignored. # Please don't add tests to this README!