[Samba] Different LDAP query in different DC...

Rowland Penny rpenny at samba.org
Thu Nov 29 15:08:48 UTC 2018

On Thu, 29 Nov 2018 15:42:04 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> > S-1-5-21-160080369-3601385002-3131615632-1314
> Bingo! Exactly the 'Restricted' group that own the users i use for
> generico LDAP access!
> I really think that we have found the trouble!
> Now... how can i fix it? ;-)

Depends, do you want to add the ACE on other DC's or remove it ?

You can add it with:

samba-tool dsacl set

To remove it, you will have to use Windows tools unless somebody knows
another way

> And... why that vaule get not propagated?!

It should be propagated, so, no I don't know why it wasn't


More information about the samba mailing list