setting up authentication policies in 4.20rc2

Stefan Kania stefan at kania-online.de
Sat Feb 17 17:11:49 UTC 2024


Hi to all,

I just tried to set up authentication policies and authentication silos 
in 4.20rc2.
Following these steps:
1. create a policy
samba-tool domain auth policy create --enforce --name winclient-pol

2. create a silo
samba-tool domain auth silo create --enforce --name=winclient-silo

3. adding at least one user and one host to the silo
samba-tool domain auth silo member grant --name=winclient-silo --member=winclient\$
samba-tool domain auth silo member grant --name=winclient-silo --member=padmin

BTW: In 4.19 it was "silo member add"

4. Set single policy for all principals in this silo. With 4.19 that was 
possible, and that's by the way also possible with a Windows DC. That's 
on a Windows DC called "Use a single policy for all principals that 
belong to this authentication silo"

In 4.20 the option --policy is missing, you have only the option to add:
--user-authentication-policy=
--service-authentication-policy=
--computer-authentication-policy=
So it would be nice if the option --policy would be back.

The next step after creating the silo and the policy and adding the 
clients and users to the silo would be adding:
  --service-allowed-to-authenticate-from=SDDL
and/or
  --service-allowed-to-authenticate-to=SDDL

But where can I get the SDDL for the user and the client?

Stefan



