[Samba] Question about silos and Authentication policies

Stefan Kania stefan at kania-online.de
Wed Nov 1 18:22:25 UTC 2023


Hi Rob

On 31.10.23 at 00:43, Rob van der Linde via samba wrote:
> I was playing around again with Windows and when you add members to 
> silos, or remove them, it should not set/unset assigned silo on the user.
> 
That's right, you as an admin have to remove or add the user to a silo.

> So I've got a new pull request in Draft state still where I remove that 
> functionality, as well as add some new commands to samba-tool user command.
great :-)
> 
> It turned out to be easier to add sub commands to user, as edit user 
> wasn't quite what I thought it was and I had realised that after writing 
> my last email.
> 
> samba-tool user auth silo assign/remove/view
> samba-tool user auth policy assign/remove/view
> 
> I probably completely have the wording wrong still, I'm going to look at 
> using the same wording as Windows does so please consider this PR a 
> draft only. I'm having a look at the Windows tooling in detail now.
> 
And please don't forget the conditions! Without the conditions a policy 
is doing nothing.

This howto explains everything pretty well, even the conditions. Most of 
the howtos you find are missing the conditions or setting the wrong GPO 
to get policies and silos working.

 
https://azurecloudai.blog/2019/12/09/protect-administrative-accounts-with-authentication-policies-and-silos/

> On 28/10/23 03:54, Stefan Kania via samba wrote:
>>
>>
>> On 27.10.23 at 02:32, Rob van der Linde via samba wrote:
>>> The missing functionality is --silo and --policy on modify user, and 
>>> probably also create user commands.
>>
>> That's exactly right, that's also the way Windows is handling this.
>>
> 




