[Samba] [samba] AD, ACLs on LDAP objects not replicated?
lingpanda101 at gmail.com
lingpanda101 at gmail.com
Tue Aug 30 14:21:20 UTC 2016
On 8/30/2016 9:44 AM, mathias dufresne via samba wrote:
> Hi all,
>
> Playing with delegation today we delegated rights to some user on some OU
> and its contents for it can modify users inside that OU and children.
> We used "advanced view" in ADUC then "properties" on our delegated OU, then
> "security" tab, and finally we gave rights to our user.
>
> Perhaps this process is not correct but we believe it is a valid process to
> delegate rights. Anyone to confirm or infirm?
>
> Anyway, this process is good enough to get the delegation working... as
> long as we work on the modified DC (FSMO owner).
> As soon as we try same user modification using another DC, it hangs
> (insufficient rights to blablabla -> rights are missing, this can be seen
> using "security" tab).
>
> I expect LDAP ACLs to be replicated across the domain.
>
> Any idea what we could be missing?
>
> PS: samba-tool drs showrepl do not show any error on any server.
This is exactly how I have done it in the past. However I have always
used the same DC(fsmo owner) for all modifications. Never attempted from
another DC because of how I am replicating sysvol(rsync).
I will attempt from another DC and report back.
--
-James
More information about the samba
mailing list