diff options
Diffstat (limited to 'source4/auth/sam.c')
-rw-r--r-- | source4/auth/sam.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/source4/auth/sam.c b/source4/auth/sam.c index b66bfbff8ae..6d25afa6131 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -64,12 +64,23 @@ /* Needed for RODC rule processing */ \ "msDS-KrbTgtLinkBL" +#define AUTHN_POLICY_ATTRS \ + /* Required for authentication policies / silos */ \ + "msDS-AssignedAuthNPolicy", \ + "msDS-AssignedAuthNPolicySilo" + const char *krbtgt_attrs[] = { + /* + * Authentication policies will not be enforced on the TGS + * account. Don’t include the relevant attributes in the account search. + */ KRBTGT_ATTRS, NULL }; const char *server_attrs[] = { - KRBTGT_ATTRS, NULL + KRBTGT_ATTRS, + AUTHN_POLICY_ATTRS, + NULL }; const char *user_attrs[] = { @@ -82,6 +93,7 @@ const char *user_attrs[] = { "msDS-ResultantPSO", KRBTGT_ATTRS, + AUTHN_POLICY_ATTRS, "logonHours", |