James Atwell
2021-Aug-12 19:29 UTC
[Samba] How to add or modify msDS-PrincipalName Attribute
Rowland, ??? Thanks for the reply and link. I'm not familiar with working with ldb modules. Can you point me in the direction to learn how? Thank you. -James On 8/12/2021 12:44 PM, Rowland Penny via samba wrote:> On Thu, 2021-08-12 at 12:18 -0400, James Atwell via samba wrote: >> Hello, >> >> I'm attempting to use DUO for 2FA against a Samba 4.11.6 DC. on >> Ubuntu 16.04. I understand the OS and Samba is outdated. Everything >> goes >> well until the service user attempts to authenticate an AD user. The >> error from DUO is the service user is unable to fetch the >> msDS-PrincipalName. When I look at the attribute for the user I see >> it's >> missing. ADSI and ADUC does not let me modify. Can I manually or >> auto >> add this for all users in the domain? > It is one of the 'constructed' attributes, so you cannot add it > manually, try reading this thread: > > https://lists.samba.org/archive/samba-technical/2018-January/125185.html > > Rowland > > >
Rowland Penny
2021-Aug-12 19:43 UTC
[Samba] How to add or modify msDS-PrincipalName Attribute
On Thu, 2021-08-12 at 15:29 -0400, James Atwell via samba wrote:> Rowland, > > Thanks for the reply and link. I'm not familiar with working > with > ldb modules. Can you point me in the direction to learn how? Thank > you. > > -JamesTo put it bluntly, no :-) To me 'C' comes between 'B' and 'D' :-D Perhaps Andrew can help here, or Scott Jordahl, the original poster, I presume he got it working. Rowland