authentication policies in Samba 4.21
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Tue Oct 29 10:27:21 UTC 2024
On 29/10/24 23:06, Stefan Kania wrote:
> I did ldbsearch --url=/var/lib/samba/private/sam.ldb '(|(CN=stka)(CN=win11*)(CN=WINCLIENT11*))' --cross-ncs to also see
> the computer object and I got:
[...]
> # record 2
> dn: CN=win11-policy,CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=example,DC=net
[...]
> msDS-UserAllowedToAuthenticateTo:: AQAEgBQAAAAgAAAAAAAAACwAAAABAQAAAAAABRIAAAA
> BAQAAAAAABRIAAAAEAHgAAQAAAAkDcAAAAQAAAQEAAAAAAAEAAAAAYXJ0ePk2AAAAYQBkADoALwAv
> AGUAeAB0AC8AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFMAaQBsAG8AEBQAAAB3AGkAbgAxA
> DEALQBzAGkAbABvAIAAAAA=
We need this to be "msDS-ComputerAllowedToAuthenticateTo::".
Because the thing you want to control authentication to is a computer.
Douglas
More information about the samba-technical
mailing list