Web lists-archives.com

Re: [Samba] Different LDAP query in different DC...




On Thu, 29 Nov 2018 15:42:04 +0100
Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> 
> > S-1-5-21-160080369-3601385002-3131615632-1314
> 
> Bingo! Exactly the 'Restricted' group that own the users i use for
> generico LDAP access!
> I really think that we have found the trouble!
> 
> 
> Now... how can i fix it? ;-)

Depends, do you want to add the ACE on other DC's or remove it ?

You can add it with:

samba-tool dsacl set
--sddl=(A;CINPID;RPLCRC;;;S-1-5-21-160080369-3601385002-3131615632-1314)

To remove it, you will have to use Windows tools unless somebody knows
another way

> 
> And... why that vaule get not propagated?!

It should be propagated, so, no I don't know why it wasn't

Rowland
  


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba