[Samba 4] AD Modifications fail from some client programs but not others

Brian C. Huffman bhuffman at etinternational.com
Fri Jul 13 09:07:03 MDT 2012


This still happens with beta3.  Does anyone know why this happens? Is 
there any way to get around it?


On 05/29/2012 11:14 AM, Brian C. Huffman wrote:
> All,
> I was able to get the schema modifications for Kerio Mail server 
> installed in Samba4 (I ran their executable on a Windows 2008 server 
> and then located the schema that was added and then imported into 
> S4).  However, now I'm trying to run their UI portion of their admin 
> and it's apparently trying to make changes that are being rejected by 
> the Samba server.  The odd thing is that I can use the ADSI admin tool 
> on Windows and perform (what seems to me to be) the same changes and 
> it works.
> Here's an example of what I see in wireshark when their executable is 
> running:
> LDAPMessage modifyResponse(15) insufficientAccessRights (00002098: 
> Object 
> CN=group-Display,CN=407,CN=DisplaySpecifiers,CN=Configuration,DC=xmen,DC=eti 
> has no write property access)
> They're trying to add a value to adminContextMenu of 
> "2,{11330101-C4C8-11D6-B1DF-000476962053}"
> If I try to do the same thing with ADSI, it appears to work. 
> Unfortunately there are other things they're also trying to do which 
> fail, so I'm trying to understand what is happening.
> Thanks,
> Brian

More information about the samba-technical mailing list