[Samba] How to add or modify msDS-PrincipalName Attribute
Rowland Penny
rpenny at samba.org
Thu Aug 12 16:44:57 UTC 2021
On Thu, 2021-08-12 at 12:18 -0400, James Atwell via samba wrote:
> Hello,
>
> I'm attempting to use DUO for 2FA against a Samba 4.11.6 DC. on
> Ubuntu 16.04. I understand the OS and Samba is outdated. Everything
> goes
> well until the service user attempts to authenticate an AD user. The
> error from DUO is the service user is unable to fetch the
> msDS-PrincipalName. When I look at the attribute for the user I see
> it's
> missing. ADSI and ADUC does not let me modify. Can I manually or
> auto
> add this for all users in the domain?
It is one of the 'constructed' attributes, so you cannot add it
manually, try reading this thread:
https://lists.samba.org/archive/samba-technical/2018-January/125185.html
Rowland
More information about the samba
mailing list