New acl module and workstation trying to upgrade some information

Nadezhda Ivanova nadezhda.ivanova at postpath.com
Thu Dec 3 02:58:30 MST 2009


Hi Matthieu,
Thanks for letting me know. I cant figure out what's wrong just by looking, and I seem to have forgotten the discussion, or missed it. Could you please explain to me what is the setup and how exactly to reproduce it? You may also log a bug and assign it to me. I will start working on the bug list as soon as I am done with the search checks.
Keep the bugs comming. :)

Regards,
Nadya

----- Original Message -----
> From: Matthieu Patou <mat+Informatique.Samba at matws.net>
> To: Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
> Cc: samba-technical <samba-technical at lists.samba.org>
> Sent: Wednesday, December 2, 2009 7:38:16 PM GMT+0200 Europe;Athens
> Subject: New acl module and workstation trying to upgrade some information

> > Hello nadya,
> 
> As we discussed this a few months ago workstation and server (ie. 
> windows 2008) is trying to update some attributes through LDAP when it 
> 
> starts.
> 
> After upgrading I'm still having messages like
> Failed to modify SPNs on CN=w2k8,CN=Computers,DC=smb4,DC=tst: error in 
> 
> module acl: insufficient access rights (50)
> 
> Here is the SD of this server:
> 
> O:DOMSID-512G:DOMSID-513D:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DOMSID-512
> )
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
> (A;;RPCRLCLORCSDDT;;;DOMSID-512)
> (A;IO;RPCRLCLORCSDDT;;;CO)
> (OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;DOMSID-512)
> (OA;IO;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)
> (A;;RPLCLORC;;;AU)
> (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
> (A;;CCDC;;;PS)
> (OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)
> (OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;DOMSID-517)
> (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)
> (OA;;RPWP;77b5b886-944a-11d1-aebd-0000f80367c1;;PS)
> (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)
> (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;DOMSID-512)
> (OA;IO;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)
> (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;DOMSID-512)
> (OA;IO;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)
> (OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00
> aa003049e2;DOMSID-512)
> (OA;IO;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-
> 00aa003049e2;CO)
> (OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00
> aa003049e2;DOMSID-512)
> (OA;IO;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-
> 00aa003049e2;CO)
> (OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00
> aa003049e2;DOMSID-512)
> (OA;IO;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-
> 00aa003049e2;CO)
> (OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00
> aa003049e2;DOMSID-512)
> (OA;IO;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-
> 00aa003049e2;CO)
> (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
> (OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9
> b07-ad6f015e5f28;RU)
> (OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a
> 285-00aa003049e2;RU)
> (OA;CIIOID;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9
> b07-ad6f015e5f28;RU)
> (OA;CIIOID;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a
> 285-00aa003049e2;RU)
> (OA;CIIOID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9
> b07-ad6f015e5f28;RU)
> (OA;CIIOID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a
> 285-00aa003049e2;RU)
> (OA;CIIOID;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828cc14-1437-45bc-9
> b07-ad6f015e5f28;RU)
> (OA;CIIOID;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a
> 285-00aa003049e2;RU)
> (OA;CIIOID;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9
> b07-ad6f015e5f28;RU)
> (OA;CIIOID;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a
> 285-00aa003049e2;RU)
> (OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a
> 285-00aa003049e2;ED)
> (OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a
> 285-00aa003049e2;ED)
> (OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a
> 285-00aa003049e2;ED)
> (OA;CIIOID;RPLCLORC;;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)
> (OA;CIIOID;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)
> (OA;CIIOID;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)
> (OA;CIIOID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)
> (A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DOMSID-519)
> (A;CIID;LC;;;RU)
> (A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d
> 1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
> (OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a
> 285-00aa003049e2;WD)
> 
> The attribute is msDS-SupportedEncryptionTypes which is not in the SD 
> above.
> 
> Is there something wrong ? The SD is generated for a 2003 level maybe 
> the right is added when we have a 2008 level ?
> 
> Let me know.
> 
> Matthieu.


More information about the samba-technical mailing list