Rowland Penny
2023-Jan-22 19:45 UTC
[Samba] Delegation of control failure for any built-in Security Principals
On 22/01/2023 19:20, Sorin P. wrote:> Indeed there is a config file (which I forgot to paste initially). Here > it is: > --------------------------------------------------------- > [ADDC] > URI=dc.domain.org > BASE_DN=CN=Users,DC=domain,DC=org > SSH_KEY_ATTR=sshPublicKey > LDAP_SERVER=ldap://dc.domain.org:389 > --------------------------------------------------------- > > But I don't believe there's any problem with it. > Also here's the procedure that needs to be followed in order to allow > the self-write rights (attached)There doesn't seem to be much wrong there, I would have the BASE_DN just pointing to 'DC=domain,DC=org', just in case there are users in another CN or OU. Have you tried the LDAP_SERVER without the ':389' ? AD usually starts at '389' by default. All I can say is that I can write to my AD record using an ldif and my name and password e.g. ldbmodify -H ldap://rpidc1 /tmp/add.ldif -Urowland Rowland By the way, this list strips attachments, I get them if, as you are doing, they are sent direct to me. Rowland