[Samba] [samba] AD, ACLs on LDAP objects not replicated?

mathias dufresne infractory at gmail.com
Tue Aug 30 15:32:13 UTC 2016


Thank you for that test, really. So the process is correct, we'll dig to
solve that issue.

Thank you again lingpanda ;)

2016-08-30 16:57 GMT+02:00 lingpanda101 at gmail.com <lingpanda101 at gmail.com>:

> On 8/30/2016 9:44 AM, mathias dufresne via samba wrote:
>
>> Hi all,
>>
>> Playing with delegation today we delegated rights to some user on some OU
>> and its contents so it can modify users inside that OU and children.
>> We used "advanced view" in ADUC then "properties" on our delegated OU, then
>> "security" tab, and finally we gave rights to our user.
>>
>> Perhaps this process is not correct but we believe it is a valid process to
>> delegate rights. Anyone to confirm or refute?
>>
>> Anyway, this process is good enough to get the delegation working... as
>> long as we work on the modified DC (FSMO owner).
>> As soon as we try the same user modification using another DC, it hangs
>> (insufficient rights to blablabla -> rights are missing, this can be seen
>> using "security" tab).
>>
>> I expect LDAP ACLs to be replicated across the domain.
>>
>> Any idea what we could be missing?
>>
>> PS: samba-tool drs showrepl does not show any error on any server.
>>
>
> It worked for me on the additional DCs. Went to security tab, add
> user/group, gave read, write, create all child objects, went to advanced
> view and set 'apply to: This object and all descendant objects'.
>
> --
> -James
>
>
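
One way to check whether the delegated ACE really is missing on some DCs, as an added example that is not part of the thread: compare the DACL of the OU's nTSecurityDescriptor as read from each DC. It assumes the SDDL strings have already been exported per DC; the DC names, the SID and the ACEs below are constructed sample values.

```python
import re

def _norm_rights(rights):
    # "WPRP" and "RPWP" grant the same access; hex masks are kept as-is.
    if rights.startswith("0x") or len(rights) % 2:
        return rights
    return "".join(sorted(rights[i:i + 2] for i in range(0, len(rights), 2)))

def parse_dacl(sddl):
    """Return the DACL of an SDDL string as a set of 6-field ACE tuples
    (type, flags, rights, object GUID, inherited object GUID, trustee).
    Conditional ACEs with nested parentheses are not handled."""
    m = re.search(r"D:([A-Z]*)((?:\([^()]*\))+)", sddl)
    if not m:
        return set()
    aces = set()
    for body in re.findall(r"\(([^()]*)\)", m.group(2)):
        fields = (body.split(";") + [""] * 6)[:6]
        fields[2] = _norm_rights(fields[2])
        aces.add(tuple(fields))
    return aces

def missing_aces(reference_dc, sddl_by_dc):
    """Map every other DC to the ACEs present on the reference DC
    but absent from that DC's copy of the object."""
    ref = parse_dacl(sddl_by_dc[reference_dc])
    return {dc: sorted(ref - parse_dacl(sddl))
            for dc, sddl in sddl_by_dc.items() if dc != reference_dc}

# Constructed sample: dc1 is the DC where the delegation was made.
DELEGATE = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed SID
SAMPLE = {
    # ACE order and rights order differ between dc1 and dc2, content does not.
    "dc1": "O:DAG:DAD:AI(A;CI;RPWPCC;;;%s)(A;;RPLCLORC;;;AU)"
           "S:AI(AU;CISA;WP;;;WD)" % DELEGATE,
    "dc2": "O:DAG:DAD:AI(A;;RPLCLORC;;;AU)(A;CI;WPRPCC;;;%s)"
           "S:AI(AU;CISA;WP;;;WD)" % DELEGATE,
    # dc3 never received the delegated ACE.
    "dc3": "O:DAG:DAD:AI(A;;RPLCLORC;;;AU)S:AI(AU;CISA;WP;;;WD)",
}

if __name__ == "__main__":
    for dc, aces in missing_aces("dc1", SAMPLE).items():
        print(dc, "in sync" if not aces else "missing: %r" % aces)
```

The comparison is set-based, so a DC is only reported when an ACE is actually absent, not when the same ACEs are stored in a different order.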

