[Samba] Delegation of control failure for any built-in Security Principals
Rowland Penny
rpenny at samba.org
Sun Jan 22 17:31:21 UTC 2023
On 22/01/2023 17:15, Sorin P. wrote:
> Hi Rowland.
>
> What else can I use instead "SELF" then?
> I'm trying to allow AD users to self-write sshPublicKeys attribute,
> which I've already added to the schema.
you do realise that properly setup, SSH will work with kerberos, without
keys or passwords.
>
> Additionally, the same error appears when choosing "Everyone" instead
> "SELF".
These Well Know SIDs do not have anything to map them to. If you must
use keys, then surely the attribute is part of the uses AD object and as
such should be owned by the user, who should have write permission.
As I said (in a round about way), I use kerberos instead of keys.
Rowland
More information about the samba
mailing list