[Samba] MSA accounts

Andrew Bartlett abartlet at samba.org
Sun Sep 17 19:27:16 UTC 2023

On Fri, 2023-09-15 at 15:58 +0000, bd730c5053df9efb via samba wrote:
> Hi all!
> I recently learned about Managed Service Accounts and thought they
> would be a good case use to connect services (dovecot comes to mind)
> to AD and according to the documentation I found this kind of
> accounts have existed since windows 7 on windows 2008 r2 functioning
> level ad domains. However when I try to set a new account using ADUC
> on a windows 7 workstation on my samba-4.18.5 DC I see no option to
> create an msDS-ManagedServiceAccount account but I do have the option
> for a msDS-GroupManagedServiceAccount. Am i missing something on the
> workstation RSAT tools or are these kind of accounts not supported on
> samba AD?

Group managed service accounts are a feature we will add (it is a
funded feature), but due to the complexity of the cryptography and the other items in the work stream the current target is Samba 4.21, eg in a year.


Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list