[Samba 4] AD Modifications fail from some client programs but not others
Brian C. Huffman
bhuffman at etinternational.com
Tue May 29 09:14:25 MDT 2012
All,
I was able to get the schema modifications for Kerio Mail server
installed in Samba4 (I ran their executable on a Windows 2008 server and
then located the schema that was added and then imported into S4).
However, now I'm trying to run their UI portion of their admin and it's
apparently trying to make changes that are being rejected by the Samba
server. The odd thing is that I can use the ADSI admin tool on Windows
and perform (what seems to me to be) the same changes and it works.
Here's an example of what I see in wireshark when their executable is
running:
LDAPMessage modifyResponse(15) insufficientAccessRights (00002098:
Object
CN=group-Display,CN=407,CN=DisplaySpecifiers,CN=Configuration,DC=xmen,DC=eti
has no write property access)
They're trying to add a value to adminContextMenu of
"2,{11330101-C4C8-11D6-B1DF-000476962053}"
If I try to do the same thing with ADSI, it appears to work.
Unfortunately there are other things they're also trying to do which
fail, so I'm trying to understand what is happening.
Thanks,
Brian
More information about the samba-technical
mailing list