[Samba] Different LDAP query in different DC...
Rowland Penny
rpenny at samba.org
Thu Nov 29 15:08:48 UTC 2018
On Thu, 29 Nov 2018 15:42:04 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> > S-1-5-21-160080369-3601385002-3131615632-1314
>
> Bingo! Exactly the 'Restricted' group that own the users i use for
> generico LDAP access!
> I really think that we have found the trouble!
>
>
> Now... how can i fix it? ;-)
Depends, do you want to add the ACE on other DC's or remove it ?
You can add it with:
samba-tool dsacl set
--sddl=(A;CINPID;RPLCRC;;;S-1-5-21-160080369-3601385002-3131615632-1314)
To remove it, you will have to use Windows tools unless somebody knows
another way
>
> And... why that vaule get not propagated?!
It should be propagated, so, no I don't know why it wasn't
Rowland
More information about the samba
mailing list