[Samba] LAPS support

Arnaud FLORENT aflorent at iris-tech.fr
Thu Apr 27 16:18:36 UTC 2023


So it looks like 2016 domain functional level is required for this...


On 12/04/2023 at 10:21, Kees van Vloten via samba wrote:
>
> On 12-04-2023 at 10:17, Rowland Penny via samba wrote:
>>
>>
>> On 12/04/2023 09:12, Kees van Vloten via samba wrote:
>>>
>>> On 12-04-2023 at 09:57, Rowland Penny via samba wrote:
>>>>
>>>>
>>>> On 12/04/2023 08:51, Kees van Vloten via samba wrote:
>>>>>
>>>>> On 12-04-2023 at 09:47, Arnaud FLORENT via samba wrote:
>>>>>> Hello everybody
>>>>>>
>>>>>>
>>>>>> does/will samba AD support LAPS GPO?
>>>>>>
>>>>>> https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview 
>>>>>>
>>>>>>
>>>>>>
>>>>>> As far as I understand, this requires schema extension
>>>>> https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-technical-reference 
>>>>>
>>>>>
>>>>>
>>>>> Here's a good description of what to do:
>>>>> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_configure_laps.html#configuring-laps-for-samba-ad 
>>>>>
>>>>>
>>>>>
>>>>> - Kees.
>>>>>
>>>>>
>>>>
>>>> Let me say at the start, I do not use LAPS, but isn't the 
>>>> TranquilIT page about using the legacy version and there appears to 
>>>> be a new kid in town ?
>>>>
>>>> Rowland
>>>
>>> I think that is SRP, which is described in the same document.
>>>
>>> - Kees.
>>>
>>>
>>>
>>
>> Not sure you are correct there, 'legacy' uses 2 attributes, the new 
>> one uses 7, see here:
>>
>> https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-technical-reference 
>>
>>
>> Rowland
>>
> Correct, it looks like MS also changed the LAPS implementation...
>
>

I think I updated the schema successfully with the 6 new attributes


but unfortunately, the policy is not applied

The event log on the Windows 10 client says:

"LAPS password encryption is required but the Active Directory domain is 
not yet at 2016 domain functional level. The password was not updated 
and no changes will be made until this is corrected."


this new implementation requires 2016 domain functional level...

-- 
Arnaud FLORENT
IRIS Technologies
