[Samba] Samba4 & Delegation
Andreas Krupp
andreaskrupp at akrupp.ch
Mon May 6 12:38:32 MDT 2013
Hello,
Not sure if this is the right forum for this question, but since I am
running a Samba4 DC I thought I'd start here.
I have create a separate OU to manage Groups and Users for Applications:
1) ou=myappX,ou=app,dc=mydomain,dc=home
All Users (and other groups, e.g. Domain Users) are obviously found in :
2) cn=users,dc=mydomain,dc=home
So I created a service account that has "Full Control" on the separate OU
(1). And I am trying to give this service account the rights to add/remove
users and groups to my OU groups.
I seem to have 2 problems:
1) Even if I give this service account "Full Control" on (2) where the
users are, it only works with newly created users (the rights do not get
inherited and I have not come across a good post on how to do that)
2) If I give rights to Read/Write the "memberOf" property, I have the
same result - it simply does not work (I tried this by giving permissions on
a single user and then trying to assign him to a group). Actually, even if I
give "Full Control" on a single user, I cannot assign him one of my groups.
Any hints of where or how I should approach this?
Cheers & thx,
Andreas
More information about the samba
mailing list