ACL inheritance mess with win2k clients...
matt.zinkevicius at hp.com
Wed Oct 2 22:08:01 GMT 2002
I think he would win the quarter :-) Never setting those bits is exactly
what tells the client that we're using NT4 style inheritance. See my NT
security semantics patch which set these bits when appropriate.
> -----Original Message-----
> From: jra at dp.samba.org [mailto:jra at dp.samba.org]
> Sent: Wednesday, October 02, 2002 2:15 PM
> To: Eric Lee Steadle
> Cc: Jim McDonough; samba-technical at samba.org
> Subject: Re: ACL inheritance mess with win2k clients...
> On Wed, Oct 02, 2002 at 04:05:45PM -0400, Eric Lee Steadle wrote:
> > >Ok - so how does the W2K client "know" it's talking to a W2K or NT
> > >server ? Any idea what criteria a W2K client uses to check ?
> > Well, I'm pretty sure it (the client) checks for one or
> more w2k specific
> > flags: SE_DACL_AUTO_INHERITED, or perhaps
> SE_DACL_PROTECTED. Jim said that the
> > client sets the SE_DACL_AUTO_INHERITED flag, (which is not
> honored by Samba,
> > nor would it be by NT4) then it queries for those flags
> again. I'd bet a
> > quarter that it (the client) is trying to determine what
> ACL inheritence
> > mechanism is being used by the server.
> You'd lose that quarter.... Samba never sets any of these flags, so
> the client cannot be using their presense to determine if we support
> W2K or NT ACLs.
More information about the samba-technical