gFRSSKJr SSKJrJrJrJr SSKJ r SSK J r J r J r SSKJr SSKJr Sr"SS \R&5r"S S \R&5r"S S \R&5r"SS\ 5r"SS\ 5r"SS\ 5r"SS\ 5r"SS\ 5rg)N)MAX_TGT_LIFETIMEMIN_TGT_LIFETIMEAuthenticationPolicyStrongNTLMPolicy) ModelError)Command CommandErrorOption)RangeNT_TICKS_PER_SECc$Ub US-[-$U$)zJConvert minutes to the tgt_lifetime attributes unit which is 10^-7 seconds<r )minutess H/usr/lib/python3/dist-packages/samba/netcmd/domain/auth/policy/policy.pymins_to_tgt_lifetimers|... Nc,^\rSrSrSrU4SjrSrU=r$) UserOptions%z>User options used by policy create and policy modify commands.c V>[TU]US5 URSSS[SUR[ [ [S9/S9 URSS S S SURS 9 URS S[SSURSS9 URSS[SSURSS9 g)Nz User Optionsz--user-tgt-lifetime-minsz2Ticket-Granting-Ticket lifetime for user accounts. tgt_lifetimecallbackminmaxhelpdesttypeactionr validatorsz--user-allow-ntlm-authzcAllow NTLM network authentication despite the fact that the user is restricted to selected devices.allow_ntlm_authFrrdefaultr!rz#--user-allowed-to-authenticate-fromzISDDL Rules setting which device the user is allowed to authenticate from.allowed_to_authenticate_fromSDDLrr rr!rmetavarz!--user-allowed-to-authenticate-tozOA target service, on a user account, requires the connecting user to match SDDLallowed_to_authenticate_to super__init__ add_optionint set_optionr rrstrselfparser __class__s rr-UserOptions.__init__(s 0 2Q+#j!%$).>DT$U#V  X 0B.)DOO  E =h 'E)DOO &  ( ;n 'C)DOO &  (r__name__ __module__ __qualname____firstlineno____doc__r-__static_attributes__ __classcell__r5s@rrr%sH((rrc,^\rSrSrSrU4SjrSrU=r$)ServiceOptionsAzAService options used by policy create and policy modify commands.c V>[TU]US5 URSSS[SUR[ [ [S9/S9 URSS S S SURS 9 URS S[SSURSS9 URSS[SSURSS9 g)NzService Optionsz--service-tgt-lifetime-minsz5Ticket-Granting-Ticket lifetime for service accounts.rrrrz--service-allow-ntlm-authznAllow NTLM network authentication despite the fact that the service account is restricted to selected devices.r#Fr$z&--service-allowed-to-authenticate-fromzTSDDL Rules setting which device the service account is allowed to authenticate from.r&r'r(z$--service-allowed-to-authenticate-toz=The target service requires the connecting user to match SDDLr*r+r2s rr-ServiceOptions.__init__Ds !23 5T+#j!%$).>DT$U#V  X 3B/)DOO  E @K 'E)DOO &  ( >\ 'C)DOO &  (rr7r8r@s@rrBrBAsK((rrBc,^\rSrSrSrU4SjrSrU=r$)ComputerOptions_zBComputer options used by policy create and policy modify commands.c >[TU]US5 URSSS[SUR[ [ [S9/S9 URSS [S SURS S 9 g) NzComputer Optionsz--computer-tgt-lifetime-minsz6Ticket-Granting-Ticket lifetime for computer accounts.rrrrz%--computer-allowed-to-authenticate-toz]The computer account (server, workstation) service requires the connecting user to match SDDLr*r'r(r+r2s rr-ComputerOptions.__init__bss !34 6U+#j!%$).>DT$U#V  X ?| 'C)DOO &  (rr7r8r@s@rrGrG_sL ( (rrGc\rSrSrSrSr\R\R\RS.r \ "SSSSS S 9/r SS jr S rg )cmd_domain_auth_policy_listqz+List authentication policies on the domain.%prog -H [options] sambaoptscredoptshostoptsz--jsonzOutput results in JSON format. output_format store_constjson)rrr!constNcNURXU5n[R"U5nUS:Xa-UR UVs0sHoR U_M sn5 gUH!n[UR URS9 M# g![an[ U5eSnAff=fs snf)NrUfile) ldb_connectrqueryrr print_jsonnameprintoutf) r3rRrPrQrSldbpoliciesepolicys rruncmd_domain_auth_policy_list.runsxH= "+11#6H F " OOxHxV[[&0xH I"fkk 2# "q/ ! " IsBB" B BBr7NNNN)r9r:r;r<r=synopsisoptions SambaOptionsCredentialsOptions HostOptionstakes_optiongroupsr takes_optionsrdr>r7rrrLrLqsZ5)H))..'' x>#M IM ;?3rrLc \rSrSrSrSr\R\R\RS.r \ "SSSS\ S S 9/r SS jrS rg )cmd_domain_auth_policy_viewz,View an authentication policy on the domain.rNrO--namez1Name of authentication policy to view (required).r]storeTrrr!r requiredNcURXU5n[R"XTS9nUc[ SUS35eUR UR 55 g![an[ U5eSnAff=f)NcnAuthentication policy not found.)rZrgetrr r\as_dict)r3rRrPrQr]r`rcrbs rrdcmd_domain_auth_policy_view.runsvxH= ")--c;F >!7v[IJ J () "q/ ! "sA A4$ A//A4r7rfr9r:r;r<r=rgrhrirjrkrlr r1rmrdr>r7rrrorosT6)H))..'' xG7t EM *rroc@\rSrSrSrSr\R\R\R\ \ \ S.r \"SSSS\S S 9\"S S S S\S9\"SSSSS9\"SSSSS9\"SSSSS9\"SSSSS9\"SS\R""5S3S S!S\R$"5S"S#9/rS'S%jrS&rg$)(cmd_domain_auth_policy_createz.Create an authentication policy on the domain.rNrPrQrRuseropts serviceopts computeroptsrq)Name of authentication policy (required).r]rrTrs --description/Optional description for authentication policy. descriptionrrr!r --protect5Protect authentication silo from accidental deletion.protect store_truerrr! --unprotect7Unprotect authentication silo from accidental deletion. unprotect--audit!Only audit authentication policy.audit --enforceEnforce authentication policy.enforce--strong-ntlm-policyStrong NTLM Policy ().strong_ntlm_policychoiceDisabled)rrr r!choicesr%NcNU (aU (a [S5eU (aU (a [S5eURXU5n[R"XS9nUb[SUS35e[UU[ U R 5UR[UR5URURUR[UR5URUR[UR5URS9 nU bXl O U (+Ul URU5 U (aURU5 [SU3UR S9 g![an[U5eSnAff=f![an[U5eSnAff=f) N2--protect and --unprotect cannot be used together..--audit and --enforce cannot be used together.rvrxz already exists.) rwrruser_allow_ntlm_authuser_tgt_lifetime!user_allowed_to_authenticate_fromuser_allowed_to_authenticate_toservice_allow_ntlm_authservice_tgt_lifetime$service_allowed_to_authenticate_from"service_allowed_to_authenticate_tocomputer_tgt_lifetime#computer_allowed_to_authenticate_tozCreated authentication policy: rX)r rZrrzrrupperr#rrr&r*enforcedsaverr^r_r3rRrPrQrrrr]rrrrrrr`rcrbs rrd!cmd_domain_auth_policy_create.runs yST T WOP PxH= ")--c;F  !7v=MNO O&#/0B0H0H0JK!)!9!9283H3HI.6.S.S,4,O,O$/$?$?!5k6N6N!O1<1Y1Y/:/U/U"6|7P7P"Q0<0W0W $  %O"'iFO " KK s# /v6TYYGS "q/ ! "J "q/ ! "s0E-,)F - F7 FF F$ FF$r7 NNNNNNNNNNNNNr9r:r;r<r=rgrhrirjrkrrBrGrlr r1r choices_str get_choicesrmrdr>r7rrrrs 8)H))..''%'  xI7t EE!' = {Kl 4 }M  6 y7L 2 {4l 4 %*+;+G+G+I*J"M(x'335!  #%M2JNHL>B#7Hrrc>\rSrSrSrSr\R\R\R\ \ \ S.r \"SSSS\S S 9\"S S S S\S9\"SSSSS9\"SSSSS9\"SSSSS9\"SSSSS9\"SS\R""5S3S S!S\R$"5S"9/rS&S$jrS%rg#)'cmd_domain_auth_policy_modifyiz-Modify authentication policies on the domain.rNrrqrr]rrTrsrrrrrrrrrrrrrrrrrrrrrrr)rrr r!rNcU (aU (a [S5eU (aU (a [S5eURXU5n[R"XS9nUc[SUS35eU (aSUlOU (aSUlUbXlU b[U R5Ul URb[UR5Ul URbURUlURbURUlURb[UR5UlURbURUlURbURUlURb[UR5UlURbURUlUR-U5 U (aUR/U5 OU (aUR1U5 [3SU3UR4S 9 g![an[U5eSnAff=f![an[U5eSnAff=f) NrrrvrxryTFzUpdated authentication policy: rX)r rZrrzrrrrrrrrrr&rr*rrrrrrrrrr^r_rs rrd!cmd_domain_auth_policy_modify.run<s) yST T WOP PxH= ")--c;F >!7v[IJ J "FO #FO  "!,   ) !3!9!9!;<  %  ,';H{?W?W*XF '  3 3 ?88  7  1 1 =66  5  $ $ 0+? @Y@Y+ZF (  2 2 >77  6 " KK s#  % /v6TYYGO "q/ ! "F "q/ ! "s6H=)H4'H4 H1! H,,H14 I> I  Ir7rrr7rrrrs 7)H))..''%'  xI7t EE!' = {Kl 4 }M  6 y7L 2 {4l 4 %*+;+G+G+I*J"M(x'335 7%M0JNHL>B#UHrrc \rSrSrSrSr\R\R\RS.r \ "SSSS\ S S 9\ "S S S SS9/r SSjrSrg)cmd_domain_auth_policy_deleteiz-Delete authentication policies on the domain.rNrOrqrr]rrTrsz--forcez-Force delete protected authentication policy.forcerrNcURXU5n[R"XdS9nUc[ SUS35eU(aUR U5 UR U5 [SU3URS9 g![an[ U5eSnAff=f![a%nU(d[ US35e[ U5eSnAff=f)Nrvrxryz9 Try --force to delete protected authentication policies.zDeleted authentication policy: rX) rZrrzrr rdeleter^r_) r3rRrPrQr]rr`rcrbs rrd!cmd_domain_auth_policy_delete.runsxH= ")--c;F >!7v[IJ J "  % MM#  /v6TYYG+ "q/ ! " ""cSTVVq/ !  "s.A<)B< B BB C# CCr7)NNNNNr}r7rrrrsq7)H))..'' xI7t EyNL 2MFJHrr) samba.getoptgetoptrhsamba.domain.modelsrrrrsamba.domain.models.exceptionsr samba.netcmdrr r samba.netcmd.validatorsr samba.nt_timer r OptionGrouprrBrGrLrorrrr7rrrs.II566)* ('%%(8(W(((<(g))($3'3D*'*D^HG^HB{HG{H|.HG.Hr