authentication policies in Samba 4.21
Stefan Kania
stefan at kania-online.de
Tue Nov 5 10:13:42 UTC 2024
Hi Jennifer
Am 04.11.24 um 21:22 schrieb Jennifer Sutton via samba-technical:
> On 5/11/24 7:27 am, Stefan Kania via samba-technical wrote:
>> Inside the policy (comparing to a Windows AD) I still missing:
>> msDS-UserAllowedToAuthenticateFrom
>> msDS-ServiceAllowedToAuthenticateFrom
>> It's not possible to set this values with samba-tool
>
> Have you tried --user-allowed-to-authenticate-from=SDDL and --service-
> allowed-to-authenticate-from=SDDL?
>
No, not up to now. But now I changed the settings. On both, the windows
AD and the Samba AD all the settings are the same, but still not working
with Samba AD.
The user who is a member of the silo can't login on the computer who is
member of the silo BUT he also can't login to any other computer in the
domain. He is getting the same message, that he is not allowed to login
on this computer (what is right for the computer who is member of the
silo). BTW now it's the first time I'm getting the correct message.
All other users can't also not login to the computer from the silo, but
on any other computer. Getting a message "This computer is protected
with a authenticainfirewall".
>>
>> I'm missing:
>> msDS-AssignedAuthNPolicySiloBL for all members
>
> You don’t set this on the silo. You assign the members to the silo with
> ‘samba-tool user auth silo assign <username> [options]’.
I know, but this is still the only attribute that is set in the windows
AD but not in the Samba AD.
> Cheers,
> Jennifer (she/her)
>
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x52F6D4DD1BB68AB5.asc
Type: application/pgp-keys
Size: 636 bytes
Desc: OpenPGP public key
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20241105/2a182574/OpenPGP_0x52F6D4DD1BB68AB5.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20241105/2a182574/OpenPGP_signature.sig>
More information about the samba-technical
mailing list