[Samba] GPO on a DC
Rowland Penny
rpenny at samba.org
Fri Jun 24 18:55:00 UTC 2022
On Fri, 2022-06-24 at 18:13 +0000, samba-ml-en via samba wrote:
> Rowland,
>
> Like in my code
> pwd="$(printf "%s" "$1" | cut -f 2 -d "%")"
> printf "%s" "$pwd" | kinit "$(printf "%s" "$1" | cut -f 2 -d "\\" |
> cut -f 1 -d "%")" > /dev/null 2>&1
> lines="$(ldapsearch -b "CN=user-
> Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=ad2,DC=domain
> ,DC=eu" -H ldap://localhost | grep adminContextMenu | cut -f 2 -d ":"
> | cut -f 1 -d ",")"
> kdestroy
But you seem to be using Kerberos (well, half using, you are getting a
ticket)
The kerberos version of your command would probably be:
ldapsearch -Y GSSAPI -b "CN=user-
Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=ad2,DC=domain,D
C=eu" -H ldap://localhost | grep adminContextMenu | cut -f 2 -d ":" |
cut -f 1 -d ","
>
> but it means you need to have kerberos and integrate it in the
> application. One example pfsense user manager (auth firewall users,
> or vpn users if you want too)
They both will probably work with kerberos, most things will.
Rowland
More information about the samba
mailing list