[Samba] samba-tool of delegation of permissions
Andrew Bartlett
abartlet at samba.org
Mon May 20 15:43:28 MDT 2013
On Mon, 2013-05-20 at 20:04 +0200, Marc Muehlfeld wrote:
> Hello Andrew,
>
> Am 19.05.2013 13:39, schrieb Andrew Bartlett:
> >> Have you read the 'Known issues/limitations' on that page
> >> (http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Known_issues.2Flimitations)?
> >>
> >> You still need 'acl:search=false' in your smb.conf, even if you run the
> >> latest version.
> >
> > If that is the case, after resetting the ACLs or on a fresh provision,
> > please file a bug, showing how windows does it differently. We match
> > windows behaviour now, as far as we know.
>
> The bug report about that, already exists:
> https://bugzilla.samba.org/show_bug.cgi?id=9788
>
> Because I don't have Windows servers, I have no way to find out how
> Windows react.
You can download trail versions of Windows 2008r2 for testing and
evaluation purposes.
> But when I wrote the "Join machines to the Domain as non-Domain-Admin"
> Howto, I take over the steps from MS:
> http://support.microsoft.com/kb/932455/en-us
>
> That's why I think, samba is still doing something different on
> delegation, than MS in that case, if I have to use 'acl:search=false'.
We need far, far more detail - using this ACL, this attribute is
visible/modified on windows but not on Samba - to be able to address
this.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list