[Samba] dsacl
Rowland Penny
rowlandpenny at googlemail.com
Fri Feb 20 08:34:50 MST 2015
On 19/02/15 23:33, Felipe_G0NZ4LEZ_S4NTI4G0(); wrote:
> I am trying to grant or denied access to a user for changing his passwd, it's the option: User cannot change passwd. For this, I am trying to use samba-tool dsacl set [option], but I am not sure of its syntax. Could you help me with that? I need to denied this permission without use ADUC or any private tool. My Regards!
Hi, the syntax is (OD;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)
*AND* (OD;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
These ACE's will be found in the users 'nTSecurityDescriptor' attribute
and it is a bit more involved than just adding them with 'samba-tool',
the originals must be replaced, or to be more precise, the entire ACL
must be replaced.
Rowland
More information about the samba
mailing list