On Fri, 2023-09-15 at 15:58 +0000, bd730c5053df9efb via samba
wrote:> Hi all!
>
> I recently learned about Managed Service Accounts and thought they
> would be a good case use to connect services (dovecot comes to mind)
> to AD and according to the documentation I found this kind of
> accounts have existed since windows 7 on windows 2008 r2 functioning
> level ad domains. However when I try to set a new account using ADUC
> on a windows 7 workstation on my samba-4.18.5 DC I see no option to
> create an msDS-ManagedServiceAccount account but I do have the option
> for a msDS-GroupManagedServiceAccount. Am i missing something on the
> workstation RSAT tools or are these kind of accounts not supported on
> samba AD?
Group managed service accounts are a feature we will add (it is a
funded feature), but due to the complexity of the cryptography and the other
items in the work stream the current target is Samba 4.21, eg in a year.
Sorry!
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions