Hi all,

I'm trying to understand the user privileges implementation, and I've stumbled into a question.

My scenario:

Samba + LDAP in central office acting as PDC
8 Samba + LDAP (replica) servers in 8 offices over a WAN acting as BDCs.

Every office has a local sysadmin. Also there are some technical guys who can add machines to the domain. If I understood well, the technical guys must have SeMachineAccountPrivilege.

I remember reading somewhere that rights are set in a "by DC basis". Are they?

So here are my questions:

If I set these rights at the local BDC, will they be replicated?
If I set at the PDC will they be replicated?
If not, is there any way to achieve it? Maybe storing permissions in the LDAP?

Thanks for any information on this subject.

Bruno Guerreiro
Bruno Guerreiro wrote:

| If I set these rights at the local BDC, will they
| be replicated? If I set at the PDC will they be
| replicated? If not, is there any way to achieve it?
| Maybe storing permissions in the LDAP?

There is no replication of privileges in the current code. You can simply rsync the account_pol.tdb between machines though.

cheers, jerry

====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
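
The rsync approach from the reply above, written out as an added shell example; it is not code from the thread or from the Samba project. The tdb path, the BDC host names and root ssh access between the machines are assumptions, and `tdbbackup` is used here to take a consistent snapshot before copying.

```shell
#!/bin/sh
# Added example (not from the thread): push the PDC's privilege database to BDCs.
# Assumed: TDB path, BDC host names, root ssh access between the machines.
# Note: account_pol.tdb also holds the account policy settings, so the copy
# replaces those on each BDC as well.

TDB="${TDB:-/var/lib/samba/account_pol.tdb}"   # assumed location, adjust to your build

# run CMD...: execute the command, or only print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# sync_privileges BDC...: snapshot the tdb on the PDC, copy it to every BDC
sync_privileges() {
    rc=0
    # tdbbackup writes a consistent copy (TDB.bak) while smbd keeps running
    run tdbbackup "$TDB" || return 1
    for bdc in "$@"; do
        # rsync writes a temporary file and renames it, so a BDC never
        # sees a half-written database
        if run rsync -a "$TDB.bak" "root@$bdc:$TDB"; then
            echo "ok $bdc"
        else
            echo "FAILED $bdc" >&2
            rc=1    # keep going: one unreachable office must not block the rest
        fi
    done
    return $rc
}

# Usage on the PDC: sh sync_privs.sh bdc1.example.org bdc2.example.org
if [ "$#" -gt 0 ]; then
    sync_privileges "$@"
fi
```

Run it once with `DRY_RUN=1` to see the exact commands before letting it touch the BDCs.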