[Samba] gMSA Questions

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Thu Nov 6 01:41:36 UTC 2025


On 05/11/2025 21:50, Stefan Kania via samba wrote:
> Hello,
> 
> I have some questions about gmsa and the management in Samba:
> 
> 1. Where can we see the relationship between the root-key and the 
> account?

The account will have an ms-DS-ManagedPasswordId attribute which has the 
root-key GUID inside it in a binary format that you can't easily parse.

We could improve this.

> 2. Can we delete the initial root-key if we did not set up an account up 
> to this point?

Yes.

> 3. What will happen if we create a new root-key, so we then have two 
> root-keys. Can we somehow define which root-key to use?

It will always use the most recent valid one.

> 4. How can we use the gmsa with Linux-clients?

I don't know, sorry.

> 5. Where can we find a GOOD documentation about using gmsa with samba, 
> NOT only the release notes or the source code?

I heard some guy wrote a book!

The trouble is that until people are using these things, there are no 
examples to work from.

Douglas
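
Added example, not part of the message above and not Samba's own code: a small Python parser that pulls the root-key GUID out of an ms-DS-ManagedPasswordId value, the attribute named in the answer to question 1. The field layout (version, "KDSK" magic, flags, three key indices, GUID, three length fields, then UTF-16 domain and forest names) is an assumption based on the GKDI key identifier structure, and the sample value is constructed.

```python
import struct
import uuid

KDSK_MAGIC = 0x4B53444B  # on-disk bytes "KDSK", read as a little-endian uint32
# version, magic, flags, L0, L1, L2, root key GUID, then three length fields
HEADER = struct.Struct("<6I16s3I")


def parse_managed_password_id(blob: bytes) -> dict:
    """Decode an ms-DS-ManagedPasswordId value (layout is an assumption)."""
    if len(blob) < HEADER.size:
        raise ValueError("blob is shorter than the fixed header")
    (version, magic, flags, l0, l1, l2, guid_le,
     info_len, domain_len, forest_len) = HEADER.unpack_from(blob)
    if magic != KDSK_MAGIC:
        raise ValueError(f"unexpected magic 0x{magic:08x}")
    dom_off = HEADER.size + info_len
    for_off = dom_off + domain_len
    if for_off + forest_len > len(blob):
        raise ValueError("length fields run past the end of the blob")

    def utf16(raw: bytes) -> str:
        return raw.decode("utf-16-le").rstrip("\x00")

    return {
        "version": version,
        "flags": flags,
        "l0": l0, "l1": l1, "l2": l2,
        # GUIDs are stored in the mixed-endian Windows layout
        "root_key_id": str(uuid.UUID(bytes_le=guid_le)),
        "domain": utf16(blob[dom_off:for_off]),
        "forest": utf16(blob[for_off:for_off + forest_len]),
    }


def build_sample() -> bytes:
    """Constructed test value; not taken from a real directory."""
    guid = uuid.UUID("01234567-89ab-cdef-0123-456789abcdef")
    name = "example.com\x00".encode("utf-16-le")
    return HEADER.pack(1, KDSK_MAGIC, 0, 361, 12, 5, guid.bytes_le,
                       0, len(name), len(name)) + name + name


if __name__ == "__main__":
    print(parse_managed_password_id(build_sample()))
```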