Talk:Samba AD Smart Card Login: Difference between revisions
From SambaWiki
Revision as of 14:10, 17 December 2022
multiple domain controllers
There can (and actually should) be multiple domain controllers. It isn't clear what to do in this case, which GUID to use. The controllers are interchangeable, and the "primary" DC can be demoted and even removed. Should this be a domain GUID, not the domain controller GUID maybe?
expiration time
The HOWTO suggests setting a 20-year expiration time for the Root CA; the example requests 10 years (3650 days).
userPrincipalName
It turned out that users in our domain do not have userPrincipalName attributes to begin with. And in the AD "Users and Computers" configuration in Windows 10, on the "Attribute Editor" page, there's no way to insert an attribute. I had to add UPNs manually using the samba-tool user edit command.