[Samba] samba-tool of delegation of permissions

Andrew Bartlett abartlet at samba.org
Mon May 20 15:43:28 MDT 2013

On Mon, 2013-05-20 at 20:04 +0200, Marc Muehlfeld wrote:
> Hello Andrew,
> Am 19.05.2013 13:39, schrieb Andrew Bartlett:
> >> Have you read the 'Known issues/limitations' on that page
> >> (http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Known_issues.2Flimitations)?
> >>
> >> You still need 'acl:search=false' in your smb.conf, even if you run the
> >> latest version.
> >
> > If that is the case, after resetting the ACLs or on a fresh provision,
> > please file a bug, showing how windows does it differently.  We match
> > windows behaviour now, as far as we know.
> The bug report about that, already exists:
> https://bugzilla.samba.org/show_bug.cgi?id=9788
> Because I don't have Windows servers, I have no way to find out how 
> Windows react.

You can download trail versions of Windows 2008r2 for testing and
evaluation purposes. 

> But when I wrote the "Join machines to the Domain as non-Domain-Admin" 
> Howto, I take over the steps from MS:
> http://support.microsoft.com/kb/932455/en-us
> That's why I think, samba is still doing something different on 
> delegation, than MS in that case, if I have to use 'acl:search=false'.

We need far, far more detail - using this ACL, this attribute is
visible/modified on windows but not on Samba - to be able to address

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list