On 6/21/22 9:23 AM, samba-ml-en via samba wrote:> userAccountControl=532480 is the value (SERVER_TRUST_ACCOUNT|TRUSTED_FOR_DELEGATION) > > As of oddjob-gpupdate I prefer to use winbind if possible, it is more complex but has better flexibility than SSSD. >oddjob-gpupdate isn't just for SSSD. You can use it in combination with Winbind also. In fact, you have to use oddjob-gpupdate in order to utilize user policies (at least for the moment, I will add this to winbind at some point). -- *David Mulder* Labs Software Engineer, Samba SUSE 1221 Valley Grove Way Pleasant Grove, UT 84062 dmulder at suse.com http://www.suse.com
On Tue, 2022-06-21 at 10:05 -0600, David Mulder via samba wrote:> On 6/21/22 9:23 AM, samba-ml-en via samba wrote: > > userAccountControl=532480 is the value > > (SERVER_TRUST_ACCOUNT|TRUSTED_FOR_DELEGATION) > > > > As of oddjob-gpupdate I prefer to use winbind if possible, it is > > more complex but has better flexibility than SSSD. > > > > oddjob-gpupdate isn't just for SSSD. You can use it in combination > with > Winbind also. In fact, you have to use oddjob-gpupdate in order to > utilize user policies (at least for the moment, I will add this to > winbind at some point).Great, Debian has supported Samba AD DC's from the very start of Samba4, but as far as I can see, it has never provided the oddjob- gpupdate package. Now, as a computer is a user with an extra objectclass, where does this leave us ? Rowland
hello David, I am a bit at odds with it. I looked at the link, sorry I am not a big expert at samba and Linux in general. So I clone the repo (git clone ....) and then after ? The page does not explain much about how to install it nor how to configure it. I am not so much after user policies since it is a GPO for DCs Eric> oddjob-gpupdate isn't just for SSSD. You can use it in combination with > Winbind also. In fact, you have to use oddjob-gpupdate in order to > utilize user policies (at least for the moment, I will add this to > winbind at some point).