[Samba] Different LDAP query in different DC...
Rowland Penny
rpenny at samba.org
Thu Nov 29 14:01:06 UTC 2018
On Thu, 29 Nov 2018 14:32:39 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> > You need to explicitly ask for it, for instance:
>
> Oh, cool! Seems effectivaly different:
>
> root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b
> "DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=prova123)" nTSecurityDescriptor #
> record 1 dn: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
> nTSecurityDescriptor:
> O:DAG:DAD:AI(A;CINPID;RPLCRC;;;S-1-5-21-160080369-360138
> 5002-3131615632-1314)
This one has an extra ACE and in readable form it is:
(A;CINPID;RPLCRC;;;S-1-5-21-160080369-3601385002-3131615632-1314)
"A" SDDL_ACCESS_ALLOWED ACCESS_ALLOWED_ACE_TYPE
"CI" SDDL_CONTAINER_INHERIT CONTAINER_INHERIT_ACE
"NP" SDDL_NO_PROPAGATE NO_PROPAGATE_INHERIT_ACE
"ID" SDDL_INHERITED INHERITED_ACE
"RP" SDDL_READ_PROPERTY
"LC" SDDL_LIST_CHILDREN
"RC" SDDL_READ_CONTROL
account_sid: SID string that identifies the trustee of the ACE.
S-1-5-21-160080369-3601385002-3131615632-1314
Is this the one with the problem ?
Who or what has the RID '1314' ?
Rowland
More information about the samba
mailing list