[Samba] How to add or modify msDS-PrincipalName Attribute

James Atwell james.atwell365 at gmail.com
Fri Aug 13 18:52:49 UTC 2021

On 8/13/2021 2:24 PM, Rowland Penny via samba wrote:
> On Fri, 2021-08-13 at 13:07 -0400, James Atwell via samba wrote:
>> On 8/12/2021 3:43 PM, Rowland Penny via samba wrote:
>>> On Thu, 2021-08-12 at 15:29 -0400, James Atwell via samba wrote:
>>>> Rowland,
>>>>        Thanks for the reply and link. I'm not familiar with
>>>> working
>>>> with
>>>> ldb modules. Can you point me in the direction to learn how?
>>>> Thank
>>>> you.
>>>> -James
>>> To put it bluntly, no :-)
>>> To me 'C' comes between 'B' and 'D' :-D
>>> Perhaps Andrew can help here, or Scott Jordahl, the original
>>> poster, I
>>> presume he got it working.
>>> Rowland
>> Appreciate the bluntness. I may be looking at my issue the wrong
>> way.
>> I'm not familiar with constructed attributes but they appear to not
>> exist in AD but rather get created on the fly when queried.  This
>> would
>> explain why they don't exists when I look for them. As a simple test
>> can
>> I query for msDS-PrinciaplName using sambat-tool or another software?
>> I
>> only see I can do this using Powershell but it relies on webservcies
>> and
>> Samba doesn't support it.
> There are quite a few 'constructed' attributes and they do not exist in
> AD, they are constructed on the fly, but for this you need code. Samba
> does not seem to have this code readily available for the msDS-
> PrincipalName attribute. From my limited understanding, the code needs
> to construct the attribute as shown here:
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/69474c61-a302-4dd2-bc8c-4fac6ccd1eee
> Rowland
Thanks for the additional information.  I was able to find a KB article 
for DUO that states Samba is not supported. Does Duo's Directory Sync 
work with AWS Managed AD, AWS Directory Service (Simple AD), or Samba 

DUO looks for that attribute and can't fetch it because it doesn't 
exist.  Thanks for your help.


More information about the samba mailing list