[Samba] Delegation of control failure for any built-in Security Principals
Rowland Penny
rpenny at samba.org
Sun Jan 22 19:45:52 UTC 2023

On 22/01/2023 19:20, Sorin P. wrote:
> Indeed there is a config file (which I forgot to paste initially). Here
> it is:
> ---------------------------------------------------------
> [ADDC]
> URI=dc.domain.org
> BASE_DN=CN=Users,DC=domain,DC=org
> SSH_KEY_ATTR=sshPublicKey
> LDAP_SERVER=ldap://dc.domain.org:389
> ---------------------------------------------------------
>
> But I don't believe there's any problem with it.
> Also here's the procedure that needs to be followed in order to allow
> the self-write rights (attached)

There doesn't seem to be much wrong there; I would have the BASE_DN just
pointing to 'DC=domain,DC=org', just in case there are users in another
CN or OU. Have you tried the LDAP_SERVER without the ':389'? AD usually
starts at '389' by default.

All I can say is that I can write to my AD record using an ldif and my
name and password, e.g.

    ldbmodify -H ldap://rpidc1 /tmp/add.ldif -Urowland

Rowland

By the way, this list strips attachments; I get them if, as you are
doing, they are sent direct to me.

Rowland