From 8daa83a594a2e98f39d764422bfbdbc62c9efd44 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 19:20:00 +0200 Subject: Adding upstream version 2:4.20.0+dfsg. Signed-off-by: Daniel Baumann --- .../smbdotconf/security/aclclaimsevaluation.xml | 42 ++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 docs-xml/smbdotconf/security/aclclaimsevaluation.xml (limited to 'docs-xml/smbdotconf/security/aclclaimsevaluation.xml') diff --git a/docs-xml/smbdotconf/security/aclclaimsevaluation.xml b/docs-xml/smbdotconf/security/aclclaimsevaluation.xml new file mode 100644 index 0000000..ab72617 --- /dev/null +++ b/docs-xml/smbdotconf/security/aclclaimsevaluation.xml @@ -0,0 +1,42 @@ + + + This option controls the way Samba handles evaluation of + security descriptors in Samba, with regards to Active + Directory Claims. AD Claims, introduced with Windows 2012, + are essentially administrator-defined key-value pairs that can + be set both in Active Directory (communicated via the Kerberos + PAC) and in the security descriptor themselves. + + + Active Directory claims are new with Samba 4.20. + Because the claims are evaluated against a very flexible + expression language within the security descriptor, this option provides a mechanism + to disable this logic if required by the administrator. + + This default behaviour is that claims evaluation is + enabled in the AD DC only. Additionally, claims evaluation on + the AD DC is only enabled if the DC functional level + is 2012 or later. See . + + Possible values are : + + + AD DC only: Enabled for the Samba AD + DC (for DC functional level 2012 or higher). + + + never: Disabled in all cases. + This option disables some but not all of the + Authentication Policies and Authentication Policy Silos features of + the Windows 2012R2 functional level in the AD DC. + + + + +AD DC only + -- cgit v1.2.3