[Samba] Delegation of control failure for any built-in Security Principals
Rowland Penny
rpenny at samba.org
Sun Jan 22 16:55:26 UTC 2023
On 22/01/2023 16:27, Sorin P. via samba wrote:
> Hi Rowland.
> The answers to your questions:
> - Yes, it works fine with any other normal user (non-built in users), including the domain administrator user.A. I'm referring to Debian architecture like that, because that's exactly what's returned by 'uname -m' -> aarch64B. I prefer to build by myself, in order to disable all the stuff which I know that I do not need for sure: printing support, avahi, dmapi, systemd support, clustering, glusterfs.
I do not see why you bother, but each to their own.
> Any ideas on how I can dig into this problem further?
Stop trying to use 'SELF', Samba appears to have nothing to map it to.
Here's my smb.conf:
> [global]
> allow dns updates = secure only
> bind interfaces only = Yes
> disable spoolss = Yes
> interfaces = eth0
> ldap server require strong auth = Yes
> netbios name = DC
> ntlm auth = mschapv2-and-ntlmv2-only
> printcap name = /dev/null
> realm = DOMAIN.ORG
> restrict anonymous = 2
> server min protocol = SMB3
> server role = active directory domain controller
> tls cafile = tls/bundle_ca.crt
> tls certfile = tls/dc.crt
> tls enabled = Yes
> tls keyfile = tls/dc.key
> wins server = 10.1.1.4
> wins support = Yes
> workgroup = DOMAIN
> idmap_ldb:use rfc2307 = yes
> comment = "Domain Controller for domain.org"
Can I ask why you have set the 'wins server' parameter on something that
doesn't use wins ? Especially when you have set 'server min protocol' to
SMB3.
Rowland
More information about the samba
mailing list