[Samba] GPO on a DC

samba-ml-en samba-ml-en at protonmail.com
Fri Jun 24 18:13:57 UTC 2022


Rowland,

Like in my code
 # $1 is "DOMAIN\user%password": the part after '%' is the password ...
 pwd="$(printf "%s" "$1" | cut -f 2 -d "%")"
 # ... and the part between '\' and '%' is the user; get a Kerberos ticket for it
 printf "%s" "$pwd" | kinit "$(printf "%s" "$1" | cut -f 2 -d "\\" | cut -f 1 -d "%")" > /dev/null 2>&1
 # Kerberos (SASL/GSSAPI) bind to the local DC, then pull the adminContextMenu values
 lines="$(ldapsearch -b "CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=ad2,DC=domain,DC=eu" -H ldap://localhost | grep adminContextMenu | cut -f 2 -d ":" | cut -f 1 -d ",")"
 kdestroy

but it means you need to have Kerberos and integrate it into the application. One example is the pfSense user manager (authenticating firewall users, or VPN users too if you want)

host:tristsnpa43.ad2.domain.eu
port:636 for example or 389 for ldap
transport: SSL/TLS or cleartext (if I remove TLS from smb.conf... well, cleartext, with hashes on the wire)

> I am no expert here, but my understanding is that if you use ldapsearch
> or ldbsearch with kerberos (its called GSSAPI by ldapsearch), then the
> data is encrypted end to end just like ldaps.

Yes, that's what I was saying, a bit like SMTP :-)

> Windows was going to enforce ldaps, but, unless I missed it, it has
> never happened, doesn't this tell you something ?


Sorry, you get both, old habit, just in case you need to reply in private.

> Please do not 'CC' me, just send posts to the lists.

Wish you a great evening, and I hope we find the cause of the problem I have with GPOs; ldap/ldaps is probably another issue with samba.


Eric
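The lookup Eric's snippet performs (kinit, a Kerberos/GSSAPI bind with ldapsearch, read adminContextMenu, kdestroy), written out as an added example that is not Eric's script and not Samba's code. It keeps the "DOMAIN\user%password" argument format but reads the parts with parameter expansion rather than cut, never puts the password on a command line, works in a private credential cache so kdestroy cannot wipe the caller's own tickets, tells ldapsearch to refuse a SASL session that is not sealed (-O minssf), and joins LDIF continuation lines before extracting the attribute so long menu entries are not cut in half. DC_HOST, KRB_REALM, the sample LDIF and its GUID are placeholders or constructed values, and the functions are named here for illustration only; the realm is left to krb5.conf unless KRB_REALM is set, because the DOMAIN part of the argument is a NetBIOS name, not a Kerberos realm.

```shell
#!/bin/sh
# Added example (not the posted script): Kerberos/GSSAPI ldapsearch of
# adminContextMenu on a DC, with the password kept off the command line,
# a private credential cache, and a sealed SASL layer required.
# Assumptions: OpenLDAP client tools and MIT/Heimdal kinit are installed;
# DC_HOST and KRB_REALM are placeholders to be set by the caller.

DC_HOST="${DC_HOST:-dc1.example.internal}"   # placeholder hostname
KRB_REALM="${KRB_REALM:-}"                   # e.g. AD2.DOMAIN.EU; empty = krb5.conf default_realm
BASE_DN="CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=ad2,DC=domain,DC=eu"

# Split "DOMAIN\user%password" into user, domain and password, one per line.
# Only the first '\' and the first '%' act as separators, so a password that
# itself contains '%' survives intact.
split_credential() {
    cred=$1
    domain=${cred%%\\*}
    rest=${cred#*\\}
    user=${rest%%"%"*}
    pass=${rest#*%}
    printf '%s\n%s\n%s\n' "$user" "$domain" "$pass"
}

# Principal handed to kinit: user@REALM when a realm is given, else the bare
# user so kinit falls back to default_realm (what the posted snippet relies on).
principal_for() {
    user=$1; realm=${2:-}
    printf '%s%s\n' "$user" "${realm:+@$realm}"
}

# Print adminContextMenu values from LDIF on stdin. LDIF folds long values
# onto continuation lines that begin with one space; join them before matching.
# (Base64 values, written "adminContextMenu::", are not decoded here.)
admin_context_menu() {
    awk '
        function flush() { if (sub(/^adminContextMenu: /, "", buf)) print buf }
        /^ /  { buf = buf substr($0, 2); next }
              { flush(); buf = $0 }
        END   { flush() }
    '
}

# Constructed LDIF sample for offline use; the GUID and the command are made up.
sample_ldif() {
    cat <<'EOF'
dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=ad2,DC=domain,DC=eu
adminContextMenu: 1,{00000000-0000-0000-0000-000000000001}
adminContextMenu: 2,Unlock Account,\\tools\unloc
 k.exe
EOF
}

# Live query. Usage: query_dc 'AD2\alice%secret'
query_dc() {
    split_credential "$1" | {
        IFS= read -r user
        IFS= read -r domain
        IFS= read -r pass
        # Private cache: the kdestroy below removes only the tickets made here.
        KRB5CCNAME="FILE:$(mktemp)"; export KRB5CCNAME
        # Password goes to kinit on stdin, never as an argument (not visible in ps).
        if printf '%s\n' "$pass" | kinit "$(principal_for "$user" "$KRB_REALM")" >/dev/null 2>&1; then
            # -Y GSSAPI: Kerberos SASL bind; -O minssf=128: refuse a session
            # without an encrypted SASL layer; -s base: just this one object.
            ldapsearch -LLL -H "ldap://$DC_HOST" -Y GSSAPI -O minssf=128 \
                -b "$BASE_DN" -s base adminContextMenu 2>/dev/null | admin_context_menu
        fi
        kdestroy >/dev/null 2>&1
    }
}

if [ "${1:-}" = "--query" ]; then
    query_dc "$2"
fi
```

Run it as `sh script.sh --query 'AD2\alice%secret'`; `sample_ldif | admin_context_menu` exercises the LDIF parsing offline. The minssf setting is the part worth keeping even if nothing else is reused: it turns the "am I actually encrypted?" question from something checked by eye on the wire into a hard failure when the bind is not sealed.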


