authentication policies in Samba 4.21

Stefan Kania stefan at kania-online.de
Tue Oct 29 10:49:47 UTC 2024



Am 29.10.24 um 11:27 schrieb Douglas Bagnall:
> We need this to be"msDS-ComputerAllowedToAuthenticateTo::".
> 
> Because the thing you want to control authentication to is a computer.
I will look it up in a Microsoft environmet if it's the same there. 
Because I think it should be "UsersAllowedToAuthenticateTo". But even in 
the most Microsoft manuals the policy stuff is not very good documented.

But that did it :-) Now I can only login on computers not a member of 
the silo (And getting the right message) . I will try it later on to do 
it wit != to change the behavior so that users can only login to 
computer which are member of the silo
but the problem with the ticket-livetime still exists.

I will write a little howto if everything is tested again.

Thank's so far

Stefan

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x52F6D4DD1BB68AB5.asc
Type: application/pgp-keys
Size: 636 bytes
Desc: OpenPGP public key
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20241029/de52cdcb/OpenPGP_0x52F6D4DD1BB68AB5.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20241029/de52cdcb/OpenPGP_signature.sig>


More information about the samba-technical mailing list