authentication policies in Samba 4.21

Stefan Kania stefan at kania-online.de
Tue Nov 5 10:13:42 UTC 2024


Hi Jennifer

On 04.11.24 at 21:22, Jennifer Sutton via samba-technical wrote:
> On 5/11/24 7:27 am, Stefan Kania via samba-technical wrote:
>> Inside the policy (compared to a Windows AD) I'm still missing:
>> msDS-UserAllowedToAuthenticateFrom
>> msDS-ServiceAllowedToAuthenticateFrom
>> It's not possible to set these values with samba-tool
> 
> Have you tried --user-allowed-to-authenticate-from=SDDL and
> --service-allowed-to-authenticate-from=SDDL?
> 
No, not up to now. But now I changed the settings. On both the Windows 
AD and the Samba AD all the settings are the same, but it is still not 
working with Samba AD.
The user who is a member of the silo can't log in on the computer that is 
a member of the silo, BUT he also can't log in to any other computer in the 
domain. He is getting the same message, that he is not allowed to log in 
on this computer (which is right for the computer that is a member of the 
silo). BTW, now it's the first time I'm getting the correct message.

All other users also can't log in to the computer from the silo, but 
can on any other computer. They are getting a message "This computer is 
protected with an authentication firewall".


>>
>> I'm missing:
>> msDS-AssignedAuthNPolicySiloBL for all members
> 
> You don’t set this on the silo. You assign the members to the silo with 
> ‘samba-tool user auth silo assign <username> [options]’.
I know, but this is still the only attribute that is set in the Windows 
AD but not in the Samba AD.

> Cheers,
> Jennifer (she/her)
> 
Stefan