[Samba] GPO on a DC
samba-ml-en at protonmail.com
Fri Jun 24 18:13:57 UTC 2022
Like in my code
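# $1 is expected to have the form DOMAIN\user%password; the password is everything after the first "%"
pwd="$(printf "%s" "$1" | cut -f 2- -d "%")"
# kinit as the user part (between "\" and "%"), reading the password from stdin
printf "%s" "$pwd" | kinit "$(printf "%s" "$1" | cut -f 2 -d "\\" | cut -f 1 -d "%")" > /dev/null 2>&1
# after kinit, look up the adminContextMenu values over LDAP
lines="$(ldapsearch -b "CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=ad2,DC=domain,DC=eu" -H ldap://localhost | grep adminContextMenu | cut -f 2 -d ":" | cut -f 1 -d ",")"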
but it means you need to have Kerberos and integrate it in the application. One example: the pfSense user manager (auth firewall users, or VPN users if you want to)
port:636 for example or 389 for ldap
transport: SSL/TLS or cleartext (if I remove TLS from smb.conf... well, clear text, with hashes on the wire)
> I am no expert here, but my understanding is that if you use ldapsearch
> or ldbsearch with kerberos (its called GSSAPI by ldapsearch), then the
> data is encrypted end to end just like ldaps.
Yes, what I was saying, a bit like SMTP :-)
> Windows was going to enforce ldaps, but, unless I missed it, it has
> never happened, doesn't this tell you something ?
Sorry, you get both, old habit, just in case you need to reply in private.
> Please do not 'CC' me, just send posts to the lists.
Wish you a great evening and I hope we find out a cause for the problem I have with GPOs, ldap/ldaps is probably another issue with samba.