search for: aa379570

Hi all, We are thinking to hide some attribute contents to almost everyone but those we decide they can read it. It is possible with real LDAP servers as OpenLDAP but is it with LDAP server shipped with Samba 4 working as AD? About accessing the whole tree I believe that Samba as AD refuses any unauthenticated query. Is that true? I did tested that but my search could be wrong or perhaps the

...egards, > > mathias Try investigating the 'nTSecurityDescriptor' attribute, which funnily enough is an hidden attribute, this contains the ownership and permissions of an AD object. You will probably need to read this as well: https://msdn.microsoft.com/en-us/library%28d=robot%29/aa379570%28d=robot,l=en-us,v=vs.85%29.aspx Rowland

Hai, ? im running samba 4.2.2 sernet on debian. ? when i run : samba-tool gpo aclcheck -UAdministrator ? im getting : ERROR: Invalid GPO ACL O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) and it tells me it should be O:DAG:DAD:P?