[Samba] samba-tool of delegation of permissions
abartlet at samba.org
Mon May 20 15:43:28 MDT 2013
On Mon, 2013-05-20 at 20:04 +0200, Marc Muehlfeld wrote:
> Hello Andrew,
> Am 19.05.2013 13:39, schrieb Andrew Bartlett:
> >> Have you read the 'Known issues/limitations' on that page
> >> (http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Known_issues.2Flimitations)?
> >> You still need 'acl:search=false' in your smb.conf, even if you run the
> >> latest version.
> > If that is the case, after resetting the ACLs or on a fresh provision,
> > please file a bug, showing how windows does it differently. We match
> > windows behaviour now, as far as we know.
> The bug report about that, already exists:
> Because I don't have Windows servers, I have no way to find out how
> Windows react.
You can download trail versions of Windows 2008r2 for testing and
> But when I wrote the "Join machines to the Domain as non-Domain-Admin"
> Howto, I take over the steps from MS:
> That's why I think, samba is still doing something different on
> delegation, than MS in that case, if I have to use 'acl:search=false'.
We need far, far more detail - using this ACL, this attribute is
visible/modified on windows but not on Samba - to be able to address
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba