locked
[MS-SAMR] Incorrect Logic in AccountLockOut Validation in 3.1.5.13.7.1 RRS feed

  • Question

  • Hi,

    I am trying to understand the validation of user authentication (3.1.5.13.7.1 samValidateAuthentication) section of [MS-SAMR]. And document is saying the fallowing...

    LockoutTime plus DomainLockoutDuration is less than or equal to the current time. -  ValidationStatus MUST be set to SamValidateAccountLockedOut.  

    LockoutTime plus DomainLockoutDuration is greater than the current time -  LockoutTime MUST be set to 0 (and continue processing). 

    But according to logic it should be like...

    LockoutTime plus DomainLockoutDuration is less than or equal to the current time. - LockoutTime MUST be set to 0 (and continue processing). 

    LockoutTime plus DomainLockoutDuration is greater than the current time - ValidationStatus MUST be set to SamValidateAccountLockedOut. 

    Are you sure that document is saying correct. If yes, can you explain the logic how it will correct statement.....

     

     

    Thanks in Advance....!!


    Wednesday, June 8, 2011 6:50 AM

Answers

  • Prasanna,

    You observation is correct. I confirmed this logic is the source code. I have opened a document bug to get this addressed in a future release of MS-SAMR.

    Thanks for reporting this issue and help improve the specification.

    Regards,

    Edgar

     

    Friday, June 10, 2011 4:33 PM

All replies

  • Hi Prasanna Kumar G,

     

    Thank you for your question.  An engineer from the Protocols team will respond soon.

     


    Bryan S. Burgin Senior Escalation Engineer Microsoft Protocol Open Specifications Team
    Wednesday, June 8, 2011 4:00 PM
  • Prasanna,

    I am looking into this and will follow-up as soon as I complete investigation.

    Thanks,

    Edgar

    Wednesday, June 8, 2011 7:12 PM
  • Prasanna,

    You observation is correct. I confirmed this logic is the source code. I have opened a document bug to get this addressed in a future release of MS-SAMR.

    Thanks for reporting this issue and help improve the specification.

    Regards,

    Edgar

     

    Friday, June 10, 2011 4:33 PM