search for: trustauthincom

...wordAttribute: unicodePwd > passwordAttribute: ntPwdHistory > passwordAttribute: lmPwdHistory > passwordAttribute: supplementalCredentials > passwordAttribute: priorValue > passwordAttribute: currentValue > passwordAttribute: trustAuthOutgoing > passwordAttribute: trustAuthIncoming > passwordAttribute: initialAuthOutgoing > passwordAttribute: initialAuthIncoming > passwordAttribute: pekList > passwordAttribute: msDS-ExecuteScriptPassword > 88488634-868425949-572>;CN=Denied RODC Password Replication Group,CN=Users,DC > dn: <GUID=9bec2aa0...

...t;> ? passwordAttribute: ntPwdHistory >> ? passwordAttribute: lmPwdHistory >> ? passwordAttribute: supplementalCredentials >> ? passwordAttribute: priorValue >> ? passwordAttribute: currentValue >> ? passwordAttribute: trustAuthOutgoing >> ? passwordAttribute: trustAuthIncoming >> ? passwordAttribute: initialAuthOutgoing >> ? passwordAttribute: initialAuthIncoming >> ? passwordAttribute: pekList >> ? passwordAttribute: msDS-ExecuteScriptPassword >> ?? 88488634-868425949-572>;CN=Denied RODC Password Replication >> Group,CN=Users,D...

...0rc2. you will find this: Encrypted secrets Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is no...

Hi, First some background: ================== I had a test environment which had two samba DCs (running v 4.8.0rc2) and 1 Windows Server 2008R2 DC. The samba DCs had been upgraded from v 4.6x and the secrets database was not encrypted (as far as I know). I decided to downgrade one of the samba DCs to v 4.7.4. On re-starting samba after the downgrade the log shows: ldb: unable to dlopen

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...

...crypted secrets ----------------- Attributes deemed to be sensitive are now encrypted on disk. The sensitive values are currently: pekList msDS-ExecuteScriptPassword currentValue dBCSPwd initialAuthIncoming initialAuthOutgoing lmPwdHistory ntPwdHistory priorValue supplementalCredentials trustAuthIncoming trustAuthOutgoing unicodePwd clearTextPassword This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time with the new option '--plaintext-secrets'. However, an in-place upgrade will not encrypt the database. Once encrypted, it is...