DO NOT REPLY [Bug 6760] Samba4 fails returns empty SACL/DACL in LDAP although being not empty in the LDB
Nadezhda Ivanova
nadezhda.ivanova at postpath.com
Tue Sep 29 01:14:21 MDT 2009
Hi Matthieu,
The difference you see is that two flags were added, SEC_DESC_OWNER_DEFAULTED, and SEC_DESC_GROUP_DEFAULTED. These flags are raised when the user did not provide a group and owner with the SD, and they were created using the default rules. They do not appear to have any influence in AD behavior, and to my knowledge, they do not influence Samba 4 behavior. I will investigate the issue further but I am pretty sure your problem is not the flags. Is this in relation to the problem with GPO? You no longer receive a wrong acl revision, so what is the exact issue?
Regards,
Nadya
> -----Original Message-----
> From: Matthieu Patou [mailto:mat+Informatique.Samba at matws.net]
> Sent: Monday, September 28, 2009 11:46 PM
> To: samba-technical; Nadezhda Ivanova; Matthias Dieter Wallnöfer
> Subject: Fwd: DO NOT REPLY [Bug 6760] Samba4 fails returns empty SACL/DACL
> in LDAP although being not empty in the LDB
>
> Hello,
>
> In deed it seems that the version of DACL/SACL is no longer 0. I haven't
> checked if it's OK (but I guess).
> Nevertheless I still have a difference on nTSecurityDescriptor.
> When I run "diffprov" I receive the following difference:
>
> OU=Domain Controllers,DC=foo,DC=bar
> nTSecurityDescriptor
> Same sddl for bad and good
> SD for bad
> revision 1
> type 33815
> owner sid S-1-5-21-3931478941-4251050849-2371954046-512
> group sid S-1-5-21-3931478941-4251050849-2371954046-512
> sacl revision:4
> sacl size:120
> sacl #ace:2
> dacl revision:4
> dacl size:408
> dacl #ace:12
>
> SD for good
> revision 1
> type 33812
> owner sid S-1-5-21-3931478941-4251050849-2371954046-512
> group sid S-1-5-21-3931478941-4251050849-2371954046-512
> sacl revision:4
> sacl size:120
> sacl #ace:2
> dacl revision:4
> dacl size:408
> dacl #ace:12
>
> CN=ARES,OU=Domain Controllers,DC=foo,DC=bar
> nTSecurityDescriptor
> Same sddl for bad and good
> SD for bad
> revision 1
> type 33815
> owner sid S-1-5-21-3931478941-4251050849-2371954046-512
> group sid S-1-5-21-3931478941-4251050849-2371954046-512
> sacl revision:4
> sacl size:120
> sacl #ace:2
> dacl revision:4
> dacl size:1372
> dacl #ace:31
>
> SD for good
> revision 1
> type 33812
> owner sid S-1-5-21-3931478941-4251050849-2371954046-512
> group sid S-1-5-21-3931478941-4251050849-2371954046-512
> sacl revision:4
> sacl size:120
> sacl #ace:2
> dacl revision:4
> dacl size:1372
> dacl #ace:31
>
>
> I've no idea if the type of the SD has an influence or not ...
> Nadya can you light our way ?
>
> Matthieu.
>
>
>
> -------- Original Message --------
> Subject: DO NOT REPLY [Bug 6760] Samba4 fails returns empty SACL/DACL
> in LDAP although being not empty in the LDB
> Date: Mon, 28 Sep 2009 10:53:34 -0500 (CDT)
> From: samba-bugs at samba.org
> To: mat+Informatique.Samba at matws.net
>
>
>
> https://bugzilla.samba.org/show_bug.cgi?id=6760
>
>
>
>
>
> ------- Comment #8 from mdw at samba.org 2009-09-28 10:53 CST -------
> This should be fixed now, ekacnet. Please close!
>
>
> --
> Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.
More information about the samba-technical
mailing list