[Samba] samba and group managed service accounts (GMSA)

Andrew Bartlett abartlet at samba.org
Mon Feb 22 18:44:03 UTC 2021

On Mon, 2021-02-22 at 12:03 +0100, Dr. Hansjörg Maurer wrote:
> Hi Andrew
> Am 16.02.21 um 03:10 schrieb Andrew Bartlett:
> > I've looked into this again and it is clear from
> > https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts
> > 
> > that this is a feature which relies on server-side help to work, so
> > it
> > really will need code development on the Samba side.
> > 
> > The next step would be to spend some 'quality time' with wireshark
> > and
> > the tools when operating against a Windows server to work out which
> > protocols are being used.  A new RPC or an LDAP control would be a
> > smaller change than a Web Services call, which we don't support at
> > all.
> it will take some time, because we have no windows AD-DC available,
> but 
> I will ask a colleague to set one up for testing in order to capture
> the 
> communication

Thanks, we really do appreciate the research!

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba mailing list