Meaning of ACB_PWNOTREQ / UF_PASSWD_NOTREQD

In Samba4, we map the userAccountControl flag UF_PASSWD_NOTREQD to the
SAMR flag ACB_PWNOTREQ, and we use this to indicate 'no password (or any
password) required for this account'.  

That is, when this flag is set, and NULL passwords are permitted (as a
global setting 'null passwords = yes' in the smb.conf), we allow any
password to operate/log in to the marked account.

However, I'm not sure if this is the meaning Microsoft assigns to this
flag.  Could you please clarify AD's behaviour in the situation where
this flag is set on an user account?

If this is not the correct way to handle 'no password required for
logon', Is there another way to indicate this?

Thanks,

(I want to get this right, or else migrations from Windows domains might
open a security hole)

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.


_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol