Web lists-archives.com

Re: [Samba] samba4 auth (ldap) starnge problem




On Fri, 20 Apr 2018 12:36:37 +0200
"Dr. Peer-Joachim Koch via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> On 20.04.2018 11:26, Rowland Penny via samba wrote:
> > Probably, but wouldn't it be easier to just dump the AD object of a
> > user that works and the AD object of one that doesn't and then
> > compare them ?
> How can I compare it ?
> ldapsearch for both accounts does not show any differences (for
> me) ...

This where it gets difficult ;-)
There are attributes that don't get displayed by default,
'nTSecurityDescriptor' is one of them, this contains the ACES that
allow or deny access to the object, perhaps this is what has changed.
To see this, you have to ask for it by adding 'nTSecurityDescriptor' at
the end of the ldapsearch.

See here for a list of user attributes:

http://www.kouti.com/tables/userattributes.htm

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba