thr3ads.net - samba - [Samba] How to add or modify msDS-PrincipalName Attribute [Aug 2021]

If this information is useful, please help other people find it:
Share via:

James Atwell

2021-Aug-12 16:18 UTC

[Samba] How to add or modify msDS-PrincipalName Attribute

Hello,

 ??? I'm attempting to use DUO for 2FA against a Samba 4.11.6 DC. on 
Ubuntu 16.04. I understand the OS and Samba is outdated. Everything goes 
well until the service user attempts to authenticate an AD user. The 
error from DUO is the service user is unable to fetch the 
msDS-PrincipalName. When I look at the attribute for the user I see it's 
missing. ADSI and ADUC does not let me modify.? Can I manually or auto 
add this for all users in the domain?

-James

Rowland Penny

2021-Aug-12 16:44 UTC

head link

[Samba] How to add or modify msDS-PrincipalName Attribute

On Thu, 2021-08-12 at 12:18 -0400, James Atwell via samba
wrote:> Hello,
> 
>      I'm attempting to use DUO for 2FA against a Samba 4.11.6 DC. on 
> Ubuntu 16.04. I understand the OS and Samba is outdated. Everything
> goes 
> well until the service user attempts to authenticate an AD user. The 
> error from DUO is the service user is unable to fetch the 
> msDS-PrincipalName. When I look at the attribute for the user I see
> it's 
> missing. ADSI and ADUC does not let me modify.  Can I manually or
> auto 
> add this for all users in the domain?
It is one of the 'constructed' attributes, so you cannot add it
manually, try reading this thread:

https://lists.samba.org/archive/samba-technical/2018-January/125185.html

Rowland

samba - Aug 2021 - How to add or modify msDS-PrincipalName Attribute

[Samba] How to add or modify msDS-PrincipalName Attribute

[Samba] How to add or modify msDS-PrincipalName Attribute