[Samba] How to add or modify msDS-PrincipalName Attribute
James Atwell
james.atwell365 at gmail.com
Fri Aug 13 18:52:49 UTC 2021
On 8/13/2021 2:24 PM, Rowland Penny via samba wrote:
> On Fri, 2021-08-13 at 13:07 -0400, James Atwell via samba wrote:
>> On 8/12/2021 3:43 PM, Rowland Penny via samba wrote:
>>> On Thu, 2021-08-12 at 15:29 -0400, James Atwell via samba wrote:
>>>> Rowland,
>>>>
>>>> Thanks for the reply and link. I'm not familiar with working with
>>>> ldb modules. Can you point me in the direction to learn how? Thank
>>>> you.
>>>>
>>>> -James
>>> To put it bluntly, no :-)
>>> To me 'C' comes between 'B' and 'D' :-D
>>>
>>> Perhaps Andrew can help here, or Scott Jordahl, the original poster, I
>>> presume he got it working.
>>>
>>> Rowland
>>>
>>>
>> Appreciate the bluntness. I may be looking at my issue the wrong way.
>> I'm not familiar with constructed attributes but they appear to not
>> exist in AD but rather get created on the fly when queried. This would
>> explain why they don't exist when I look for them. As a simple test can
>> I query for msDS-PrincipalName using samba-tool or another software? I
>> only see I can do this using PowerShell but it relies on web services and
>> Samba doesn't support it.
> There are quite a few 'constructed' attributes and they do not exist in
> AD, they are constructed on the fly, but for this you need code. Samba
> does not seem to have this code readily available for the
> msDS-PrincipalName attribute. From my limited understanding, the code needs
> to construct the attribute as shown here:
>
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/69474c61-a302-4dd2-bc8c-4fac6ccd1eee
>
> Rowland
>
>
Thanks for the additional information. I was able to find a KB article
for DUO that states Samba is not supported: "Does Duo's Directory Sync
work with AWS Managed AD, AWS Directory Service (Simple AD), or Samba
directories?"
<https://help.duo.com/s/article/3129?language=en_US>

DUO looks for that attribute and can't fetch it because it doesn't
exist. Thanks for your help.

-James