insufficient access rights [ Was - Samba4 DNS Updates - Linux Clients - Is it possible?]

Daniele Dario d.dario76 at gmail.com
Fri Feb 3 02:12:00 MST 2012


Hi Amitay,

On Thu, 2012-02-02 at 09:20 +1100, Amitay Isaacs wrote:
> Hi Daniele,
> 
> From the logs it appears that windows-xp box activity is not able to update it's
> own record.
> 
> > [root at kdc01:~]# ldbsearch -H /usr/local/samba/private/sam.ldb -b
> > "DC=DomainDnsZones,DC=saitelitalia,DC=local" "(name=activity)"
> 
> Can you add --show-binary flag to ldbsearch to decode dnsRecord attribute?
> 
> Also, more interesting would be to check the security descriptor for this record
> as that would tell us how this particular record was created.
> 
> ldbsearch -H /usr/local/samba/private/sam.ldb
>                -b "DC=DomainDnsZones,DC=saitelitalia,DC=local
>                "(name=activity)" nTSecurityDescriptor
> 
> That will show the security descriptor. And if you want to decode the SDDL
> format you can add --show-binary.
> 
> I am interested in finding out the owner of the record as that will tell how
> this particular record was created.
> 
> Amitay.

[root at kdc01:~]# ldbsearch -H /usr/local/samba/private/sam.ldb -b
"DC=DomainDnsZones,DC=saitelitalia,DC=local" "(name=activity)"
--show-binary
# record 1
dn:
DC=activity,DC=saitelitalia.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=saitelitalia,DC=local
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120131123039.0Z
whenChanged: 20120131123039.0Z
uSNCreated: 4583
uSNChanged: 4583
showInAdvancedViewOnly: TRUE
name: activity
objectGUID: 3082b335-fb49-43be-9739-7422d74032c3
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wDataLength              : 0x0004 (4)
        wType                    : DNS_TYPE_A (1)
        version                  : 0x05 (5)
        rank                     : DNS_RANK_ZONE (240)
        flags                    : 0x0000 (0)
        dwSerial                 : 0x00000058 (88)
        dwTtlSeconds             : 0x00000384 (900)
        dwReserved               : 0x00000000 (0)
        dwTimeStamp              : 0x0036fc0c (3603468)
        data                     : union dnsRecordData(case 1)
        ipv4                     : 192.168.12.12

objectCategory:
CN=Dns-Node,CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
dc: activity
distinguishedName:
DC=activity,DC=saitelitalia.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=saitelitalia,DC=local

# returned 1 records
# 1 entries
# 0 referrals

[root at kdc01:~]# ldbsearch -H /usr/local/samba/private/sam.ldb -b
"DC=DomainDnsZones,DC=saitelitalia,DC=local" "(name=activity)"
nTSecurityDescriptor
# record 1
dn:
DC=activity,DC=saitelitalia.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=saitelitalia,DC=local
nTSecurityDescriptor:
O:LAG:DUD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWP

CRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCD

CLCLORCWOWDSDDTSW;;;LA)(A;;RPLCLORC;;;WD)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;E

D)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;S-1-5-21-2975140536-3837122512-173113542

7-1102)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)(OA;CIID;RP;4c164200-20c0-11d0-a

768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIID;RP;4c164200

-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIID
 ;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28
 ;RU)(OA;CIID;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-

00aa003049e2;RU)(OA;CIID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-143

7-45bc-9b07-ad6f015e5f28;RU)(OA;CIID;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;

bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIID;RP;59ba2f42-79a2-11d0-9020-0

0c04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIID;RP;59ba2f42-79a2

-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIID;RP;0

37088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(

OA;CIID;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa0

03049e2;RU)(OA;CIID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d

0-a285-00aa003049e2;ED)(OA;CIID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967

a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIID;RP;b7c69e6d-2cc7-11d2-854e-00a0c9

83f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIID;RPLCLORC;;4828cc14-14

37-45bc-9b07-ad6f015e5f28;RU)(OA;CIID;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa0

03049e2;RU)(OA;CIID;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CII

D;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;RPWPCRCCDCLCLORCWOW

DSDDTSW;;;EA)(A;CIID;LC;;;RU)(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)S:AI(OU;CIID

SA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049

e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a
 285-00aa003049e2;WD)

# returned 1 records
# 1 entries
# 0 referrals

ldbsearch -H /usr/local/samba/private/sam.ldb -b
"DC=DomainDnsZones,DC=saitelitalia,DC=local" "(name=activity)"
nTSecurityDescriptor --show-binary
# record 1
dn:
DC=activity,DC=saitelitalia.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=saitelitalia,DC=local
nTSecurityDescriptor:     NDR: struct security_descriptor
        revision                 : SECURITY_DESCRIPTOR_REVISION_1 (1)
        type                     : 0x8c14 (35860)
               0: SEC_DESC_OWNER_DEFAULTED 
               0: SEC_DESC_GROUP_DEFAULTED 
               1: SEC_DESC_DACL_PRESENT    
               0: SEC_DESC_DACL_DEFAULTED  
               1: SEC_DESC_SACL_PRESENT    
               0: SEC_DESC_SACL_DEFAULTED  
               0: SEC_DESC_DACL_TRUSTED    
               0: SEC_DESC_SERVER_SECURITY 
               0: SEC_DESC_DACL_AUTO_INHERIT_REQ
               0: SEC_DESC_SACL_AUTO_INHERIT_REQ
               1: SEC_DESC_DACL_AUTO_INHERITED
               1: SEC_DESC_SACL_AUTO_INHERITED
               0: SEC_DESC_DACL_PROTECTED  
               0: SEC_DESC_SACL_PROTECTED  
               0: SEC_DESC_RM_CONTROL_VALID
               1: SEC_DESC_SELF_RELATIVE   
        owner_sid                : *
            owner_sid                :
S-1-5-21-2975140536-3837122512-1731135427-500
        group_sid                : *
            group_sid                :
S-1-5-21-2975140536-3837122512-1731135427-513
        sacl                     : *
            sacl: struct security_acl
                revision                 : SECURITY_ACL_REVISION_ADS (4)
                size                     : 0x0078 (120)
                num_aces                 : 0x00000002 (2)
                aces: ARRAY(2)
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT (7)
                        flags                    : 0x52 (82)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               1: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0038 (56)
                        access_mask              : 0x00000020 (32)
                        object                   : union
security_ace_object_ctr(case 7)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
f30e3bbe-9ff0-11d1-b603-0000f80367c1
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967aa5-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-1-0
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT (7)
                        flags                    : 0x52 (82)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               1: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0038 (56)
                        access_mask              : 0x00000020 (32)
                        object                   : union
security_ace_object_ctr(case 7)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
f30e3bbf-9ff0-11d1-b603-0000f80367c1
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967aa5-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-1-0
        dacl                     : *
            dacl: struct security_acl
                revision                 : SECURITY_ACL_REVISION_ADS (4)
                size                     : 0x04d8 (1240)
                num_aces                 : 0x0000001c (28)
                aces: ARRAY(28)
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x00 (0)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               0: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               0: SEC_ACE_FLAG_INHERITED_ACE
                            0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0024 (36)
                        access_mask              : 0x000f01ff (983551)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  :
S-1-5-21-2975140536-3837122512-1731135427-512
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x00 (0)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               0: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               0: SEC_ACE_FLAG_INHERITED_ACE
                            0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0014 (20)
                        access_mask              : 0x000f01ff (983551)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  : S-1-5-9
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x00 (0)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               0: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               0: SEC_ACE_FLAG_INHERITED_ACE
                            0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0014 (20)
                        access_mask              : 0x000f01ff (983551)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  : S-1-5-18
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x00 (0)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               0: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               0: SEC_ACE_FLAG_INHERITED_ACE
                            0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0024 (36)
                        access_mask              : 0x000f01ff (983551)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  :
S-1-5-21-2975140536-3837122512-1731135427-500
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x00 (0)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               0: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               0: SEC_ACE_FLAG_INHERITED_ACE
                            0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0014 (20)
                        access_mask              : 0x00020094 (131220)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  : S-1-1-0
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0014 (20)
                        access_mask              : 0x000f017f (983423)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  : S-1-5-9
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0024 (36)
                        access_mask              : 0x000f017f (983423)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  :
S-1-5-21-2975140536-3837122512-1731135427-1102
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0014 (20)
                        access_mask              : 0x000f017f (983423)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  : S-1-5-9
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x003c (60)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
4c164200-20c0-11d0-a768-00aa006e0529
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
4828cc14-1437-45bc-9b07-ad6f015e5f28
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x003c (60)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
4c164200-20c0-11d0-a768-00aa006e0529
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967aba-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x003c (60)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
5f202010-79a5-11d0-9020-00c04fc2d4cf
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
4828cc14-1437-45bc-9b07-ad6f015e5f28
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x003c (60)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
5f202010-79a5-11d0-9020-00c04fc2d4cf
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967aba-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x003c (60)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
bc0ac240-79a9-11d0-9020-00c04fc2d4cf
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
4828cc14-1437-45bc-9b07-ad6f015e5f28
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x003c (60)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
bc0ac240-79a9-11d0-9020-00c04fc2d4cf
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967aba-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x003c (60)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
59ba2f42-79a2-11d0-9020-00c04fc2d3cf
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
4828cc14-1437-45bc-9b07-ad6f015e5f28
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x003c (60)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
59ba2f42-79a2-11d0-9020-00c04fc2d3cf
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967aba-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x003c (60)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
037088f8-0ae1-11d2-b422-00a0c968f939
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
4828cc14-1437-45bc-9b07-ad6f015e5f28
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x003c (60)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
037088f8-0ae1-11d2-b422-00a0c968f939
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967aba-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0038 (56)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
b7c69e6d-2cc7-11d2-854e-00a0c983f608
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967a86-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-5-9
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0038 (56)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
b7c69e6d-2cc7-11d2-854e-00a0c983f608
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967a9c-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-5-9
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0038 (56)
                        access_mask              : 0x00000010 (16)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000003 (3)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
b7c69e6d-2cc7-11d2-854e-00a0c983f608
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967aba-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-5-9
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x002c (44)
                        access_mask              : 0x00020094 (131220)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000002 (2)
                                   0: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 0)
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
4828cc14-1437-45bc-9b07-ad6f015e5f28
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x002c (44)
                        access_mask              : 0x00020094 (131220)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000002 (2)
                                   0: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 0)
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967a9c-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x002c (44)
                        access_mask              : 0x00020094 (131220)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000002 (2)
                                   0: SEC_ACE_OBJECT_TYPE_PRESENT
                                   1:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 0)
                            inherited_type           : union
security_ace_object_inherited_type(case 2)
                            inherited_type           :
bf967aba-0de6-11d0-a285-00aa003049e2
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0028 (40)
                        access_mask              : 0x00000130 (304)
                        object                   : union
security_ace_object_ctr(case 5)
                        object: struct security_ace_object
                            flags                    : 0x00000001 (1)
                                   1: SEC_ACE_OBJECT_TYPE_PRESENT
                                   0:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
                            type                     : union
security_ace_object_type(case 1)
                            type                     :
91e647de-d96f-4b70-9557-d63ff4f3ccd8
                            inherited_type           : union
security_ace_object_inherited_type(case 0)
                        trustee                  : S-1-5-10
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0024 (36)
                        access_mask              : 0x000f01ff (983551)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  :
S-1-5-21-2975140536-3837122512-1731135427-519
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0018 (24)
                        access_mask              : 0x00000004 (4)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  : S-1-5-32-554
                    aces: struct security_ace
                        type                     :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x12 (18)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               1: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               1: SEC_ACE_FLAG_INHERITED_ACE
                            0x02: SEC_ACE_FLAG_VALID_INHERIT (2)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0018 (24)
                        access_mask              : 0x000f01bd (983485)
                        object                   : union
security_ace_object_ctr(case 0)
                        trustee                  : S-1-5-32-544


# returned 1 records
# 1 entries
# 0 referrals

I'll try to understand meaning of these data. BTW do you see something
wrong?

Daniele.



More information about the samba-technical mailing list