Rowland Penny
2021-Aug-12 16:44 UTC
[Samba] How to add or modify msDS-PrincipalName Attribute
On Thu, 2021-08-12 at 12:18 -0400, James Atwell via samba wrote:> Hello, > > I'm attempting to use DUO for 2FA against a Samba 4.11.6 DC. on > Ubuntu 16.04. I understand the OS and Samba is outdated. Everything > goes > well until the service user attempts to authenticate an AD user. The > error from DUO is the service user is unable to fetch the > msDS-PrincipalName. When I look at the attribute for the user I see > it's > missing. ADSI and ADUC does not let me modify. Can I manually or > auto > add this for all users in the domain?It is one of the 'constructed' attributes, so you cannot add it manually, try reading this thread: https://lists.samba.org/archive/samba-technical/2018-January/125185.html Rowland
James Atwell
2021-Aug-12 19:29 UTC
[Samba] How to add or modify msDS-PrincipalName Attribute
Rowland, ??? Thanks for the reply and link. I'm not familiar with working with ldb modules. Can you point me in the direction to learn how? Thank you. -James On 8/12/2021 12:44 PM, Rowland Penny via samba wrote:> On Thu, 2021-08-12 at 12:18 -0400, James Atwell via samba wrote: >> Hello, >> >> I'm attempting to use DUO for 2FA against a Samba 4.11.6 DC. on >> Ubuntu 16.04. I understand the OS and Samba is outdated. Everything >> goes >> well until the service user attempts to authenticate an AD user. The >> error from DUO is the service user is unable to fetch the >> msDS-PrincipalName. When I look at the attribute for the user I see >> it's >> missing. ADSI and ADUC does not let me modify. Can I manually or >> auto >> add this for all users in the domain? > It is one of the 'constructed' attributes, so you cannot add it > manually, try reading this thread: > > https://lists.samba.org/archive/samba-technical/2018-January/125185.html > > Rowland > > >