authentication policies in Samba 4.21

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Tue Oct 29 10:27:21 UTC 2024


On 29/10/24 23:06, Stefan Kania wrote:

> I did ldbsearch --url=/var/lib/samba/private/sam.ldb '(|(CN=stka)(CN=win11*)(CN=WINCLIENT11*))' --cross-ncs to also see
> the computer object and I got:

[...]

> # record 2
> dn: CN=win11-policy,CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=example,DC=net

[...]

> msDS-UserAllowedToAuthenticateTo:: AQAEgBQAAAAgAAAAAAAAACwAAAABAQAAAAAABRIAAAA
>  BAQAAAAAABRIAAAAEAHgAAQAAAAkDcAAAAQAAAQEAAAAAAAEAAAAAYXJ0ePk2AAAAYQBkADoALwAv
>  AGUAeAB0AC8AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFMAaQBsAG8AEBQAAAB3AGkAbgAxA
>  DEALQBzAGkAbABvAIAAAAA=

We need this to be "msDS-ComputerAllowedToAuthenticateTo::".

Because the thing you want to control authentication to is a computer.

Douglas




More information about the samba-technical mailing list