[Samba] [samba] AD, ACLs on LDAP objects not replicated?

lingpanda101 at gmail.com lingpanda101 at gmail.com
Tue Aug 30 14:57:34 UTC 2016


On 8/30/2016 9:44 AM, mathias dufresne via samba wrote:
> Hi all,
>
> Playing with delegation today we delegated rights to some user on some OU
> and its contents so that it can modify users inside that OU and children.
> We used "advanced view" in ADUC then "properties" on our delegated OU, then
> "security" tab, and finally we gave rights to our user.
>
> Perhaps this process is not correct but we believe it is a valid process to
> delegate rights. Can anyone confirm or refute this?
>
> Anyway, this process is good enough to get the delegation working... as
> long as we work on the modified DC (FSMO owner).
> As soon as we try the same user modification using another DC, it hangs
> (insufficient rights to blablabla -> rights are missing, this can be seen
> using "security" tab).
>
> I expect LDAP ACLs to be replicated across the domain.
>
> Any idea what we could be missing?
>
> PS: samba-tool drs showrepl does not show any error on any server.

It worked for me on the additional DCs. Went to security tab, add 
user/group, gave read, write, create all child objects, went to advanced 
view and set 'apply to: This object and all descendant objects'.

-- 
-James
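
One way to check from the directory side whether a delegation ACE reached a second DC, as an added example that is not part of the original thread. It assumes the OU's nTSecurityDescriptor has already been exported in SDDL form from each DC; the SDDL strings, the SID and the function names are constructed for illustration.

```python
import re

# Constructed sample descriptors for one OU as read from two DCs (not real data).
# The SID ending in -1105 stands in for the delegated user.
SDDL_DC1 = ("O:DAG:DAD:AI"
            "(A;CI;RPWPCCLCRC;;;S-1-5-21-1111111111-2222222222-3333333333-1105)"
            "(A;;RPLCLORC;;;AU)"
            "(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
SDDL_DC2 = ("O:DAG:DAD:AI"
            "(A;;RPLCLORC;;;AU)"
            "(A;IDCI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")


def _codes(field):
    """Normalise a run of two-letter SDDL codes so their order does not matter."""
    if field.lower().startswith("0x"):      # rights may also be a hex mask
        return field.lower()
    return "".join(sorted(field[i:i + 2] for i in range(0, len(field), 2)))


def dacl_aces(sddl):
    """Return the DACL of an SDDL string as a set of normalised ACE tuples."""
    m = re.search(r"D:([A-Z]*)((?:\([^()]*\))+)", sddl)
    if not m:
        return set()
    aces = set()
    for body in re.findall(r"\(([^()]*)\)", m.group(2)):
        f = body.split(";")
        if len(f) < 6:
            raise ValueError("malformed ACE: " + body)
        # type; flags; rights; object GUID; inherited object GUID; trustee
        aces.add((f[0], _codes(f[1]), _codes(f[2]),
                  f[3].lower(), f[4].lower(), f[5]))
    return aces


def diff_dacl(sddl_a, sddl_b):
    """ACEs present only in the first descriptor, and only in the second."""
    a, b = dacl_aces(sddl_a), dacl_aces(sddl_b)
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    only_dc1, only_dc2 = diff_dacl(SDDL_DC1, SDDL_DC2)
    for ace in only_dc1:
        print("only on DC1:", ace)   # here: the delegated user's CI ACE
    for ace in only_dc2:
        print("only on DC2:", ace)
```

An ACE listed on one side only means the descriptor itself differs between the DCs, which separates a replication gap from a problem in how the rights were granted.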



