Displaying 3 results from an estimated 3 matches for "aa379570".
2016 Jun 28
2
[Samba as AD] ACLs on LDAP attributes?
Hi all,
We are thinking to hide some attribute contents to almost everyone but
those we decide they can read it. It is possible with real LDAP servers as
OpenLDAP but is it with LDAP server shipped with Samba 4 working as AD?
About accessing the whole tree I believe that Samba as AD refuses any
unauthenticated query. Is that true? I did tested that but my search could
be wrong or perhaps the
2016 Jun 28
0
[Samba as AD] ACLs on LDAP attributes?
...egards,
>
> mathias
Try investigating the 'nTSecurityDescriptor' attribute, which funnily
enough is an hidden attribute, this contains the ownership and
permissions of an AD object.
You will probably need to read this as well:
https://msdn.microsoft.com/en-us/library%28d=robot%29/aa379570%28d=robot,l=en-us,v=vs.85%29.aspx
Rowland
2015 Jun 17
3
samba tool and sysvol/gpo checks error/bugged? ( but it all works ok)
Hai,
?
im running samba 4.2.2 sernet on debian.
?
when i run :
samba-tool gpo aclcheck -UAdministrator
?
im getting :
ERROR: Invalid GPO ACL
O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
and it tells me it should be
O:DAG:DAD:P?