Hi, It has been a while that I did not come back to this topic, however I think I found a work-around for my initial problem. For information, what I was trying to do was: - Create an OU for a group of applications - Delegate control of this OU to a normal user (not helpdesk or domain admin) to be able to create groups and assign domain users to them The problem was, whenever I used "Security Groups" the delegation did not work. Impossible for the user to whom I delegated group creation and modifaction rights of the ou to add or remove domain users. The work-around (since Security Groups are all to picky) --> Use "Distribution Groups". Once I created distribution groups in the OU I was able to freely assing users to them and remove them as required. Now this is definetly not best pratice, but until the same is possible in an easy way with Security Groups this will well serve the purpose. Cheers & best, Andreas PS: Marc thx a lot for your help before - since I read a bit more about GIT, I know understand much better the Samba4 building howto and how to get the latest stable version. It's all good now ;-) *On 08 May 2013 23:00, Marc Muehlfeld has written: *> Hello Andreas,> > Am 08.05.2013 20:08, schrieb Andreas Krupp: > > Thx a lot for the quick reply. > > I will try to upgrade or possibly reinstall my Samba4 Instance. > > At the moment the command returns me: 4.1.Opre1-GIT-5f2edd1 > > I guess that is not really right version or the latest release. > > I tried your command to reset the ACLs but that command is not part of my dbcheck. I tried and could not find your command in the list either. So I am starting to think that my problems maybe come from the entire version. > > > > I will set up a VM, reinstall centos + samba4 and see if that works better :) > > The '--reset-well-known-acls' option was introduced in 4.0.5 (this is > the latest version). > > Maybe someone else on the list can say if you can switch from your git > version to 4.0.5. > > > Regards, > Marc > > ??
Hello Andreas, Am 15.08.2013 11:07, schrieb Andreas Krupp:> For information, what I was trying to do was: > - Create an OU for a group of applications > - Delegate control of this OU to a normal user (not helpdesk or domain > admin) to be able to create groups and assign domain users to them- What where the exact steps you did? - On what Samba version? - Did you run 'samba-tool dbcheck --reset-well-known-acls --fix' to reset the ACLs? This is recommented for 4.0.5 and higher, if you provisioned your domain with an earlier version to fix missing ACLs. (If you haven't done yet, remember, that you'll loose your current delegations!)> The problem was, whenever I used "Security Groups" the delegation did > not work. Impossible for the user to whom I delegated group creation and > modifaction rights of the ou to add or remove domain users. > > The work-around (since Security Groups are all to picky) --> Use > "Distribution Groups". > Once I created distribution groups in the OU I was able to freely assing > users to them and remove them as required. > Now this is definetly not best pratice, but until the same is possible > in an easy way with Security Groups this will well serve the purpose.If it's reproducable, you should open a bug report with the exact steps and a level 10 debug log, to get this fixed in future.> PS: Marc thx a lot for your help before - since I read a bit more about > GIT, I know understand much better the Samba4 building howto and how to > get the latest stable version. It's all good now ;-)If you are using versions from git, remember, that they can contain code that shouldn't be used for production yet. Regards, Marc