similar to: Regarding changing ACL with LDAP or SAMBA

On 04/01/16 01:43, Jonathan Hunter wrote: > Hi, > > A while ago I successfully set permissions on a section of my LDAP / AD > tree, using either ADUC or ADSIEDIT (I forget which). These permissions > allowed my own user to access this section of the tree; I removed > permissions for 'Domain Admins' etc. to ensure that others would not be > able to view or change the

On 05/01/16 21:24, Jonathan Hunter wrote: > On 5 January 2016 at 15:02, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > >> I'll try to use ldbedit to grant myself permissions on the OU again .. Is >> ldbedit safe to use: >> >> - on a running Samba server (or do I need to stop samba) >> - in a multi-DC environment (or do I need to run it and make the

Hi Tim and Rowland, thanks for Your support! I was thinking about e.g. Python 2.7.15 compatibility (as newer Samba versions require Python3), but You are right, here in DB can be problem - first Samba AD DC was created by migrating Samba3 NT4 domain to Samba4 AD cca week ago (using 'samba-tool domain classicupgrade ...', according to Samba Wiki): On Tue, 26 Mar 2019 10:14:02 +1300 Tim

On 5 January 2016 at 15:02, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > I'll try to use ldbedit to grant myself permissions on the OU again .. Is > ldbedit safe to use: > > - on a running Samba server (or do I need to stop samba) > - in a multi-DC environment (or do I need to run it and make the same > changes on each DC) > Answering my own question here... it

The story gets deeper, also.. (nothing is ever easy, right? :-)) Using the ldbsearch command above, I could at least view the SIDs that have access to the OU. One of them should be a group called "mysecretou Managers"; I can see from ADUC that my user is indeed still a member of this group (so far, so good). However, "wbinfo -s S-1-5-21-000000000-1111111111-2222222222-1234"

Thank you, Rowland! On 4 January 2016 at 10:36, Rowland penny <rpenny at samba.org> wrote: > On 04/01/16 01:43, Jonathan Hunter wrote: > >> I can view the data using ldbsearch when logged in as root on the DC >> itself >> - but how do I view the permissions and edit them from the commandline? >> > > They are stored in a hidden attribute called

I did it: root at dom2:~# samba-tool dbcheck --fix Checking 705 objects Reset nTSecurityDescriptor on CN=Deleted Objects,DC=tlk,DC=loc back to provision default? Owner mismatch: SY (in ref) DA(in current) Group mismatch: SY (in ref) DA(in current) Part dacl is different between reference and current here is the detail:

root at dom2:~# samba-tool dbcheck --fix --yes Checking 705 objects Checked 705 objects (0 errors) root at dom2:~# samba-tool dbcheck --cross-ncs Checking 4506 objects Not resetting nTSecurityDescriptor on CN=Deleted Objects,CN=Configuration,DC=tlk,DC=loc Not resetting nTSecurityDescriptor on CN=Deleted Objects,DC=DomainDnsZones,DC=tlk,DC=loc Not resetting nTSecurityDescriptor on CN=Deleted

Hi, I have a samba 4.7.9 DC that I am trying to remove a windows SBS dc from. In doing this I have run across several problems. For whatever reason when I try to dcpromo the windows DC it fails because it says it cannot contact the samba4 DC. I have checked replication as per https://wiki.samba.org/index.php/Verifying_the_Directory_Replication_Statuses All of the tests pass. Since we are going

On Mon, 15 Apr 2024 07:53:16 +0200 Daniel M?ller via samba <samba at lists.samba.org> wrote: > I did it: > root at dom2:~# samba-tool dbcheck --fix > Checking 705 objects > Reset nTSecurityDescriptor on CN=Deleted Objects,DC=tlk,DC=loc back > to provision default? Owner > mismatch: SY (in ref) DA(in current) Group mismatch: SY (in ref)

Hello to all, After updating to samba 4.20 (from samba 4.19) on Debian 11, samba-tool dbcheck --cross-ncs results in: samba-tool dbcheck --cross-ncs Checking 4499 objects Not resetting nTSecurityDescriptor on CN=Deleted Objects,CN=Configuration,DC=tlk,DC=loc Not resetting nTSecurityDescriptor on CN=Deleted Objects,DC=DomainDnsZones,DC=tlk,DC=loc Not resetting nTSecurityDescriptor on CN=Deleted

On Fri, 2024-04-12 at 08:03 +0200, Daniel M?ller via samba wrote: > Hello to all, > > After updating to samba 4.20 (from samba 4.19) on Debian 11, samba-tool > dbcheck --cross-ncs > results in: > samba-tool dbcheck --cross-ncs > Checking 4499 objects > Not resetting nTSecurityDescriptor on CN=Deleted > Objects,CN=Configuration,DC=tlk,DC=loc > Not resetting

On Mon, 2023-11-27 at 13:27 +0100, Jule Anger via samba wrote: > Release Announcements > --------------------- > > This is the latest stable release of the Samba 4.19 release series. > It contains the security-relevant bug CVE-2018-14628: > > ???? Wrong ntSecurityDescriptor values for "CN=Deleted Objects" > ???? allow read of object tombstones over LDAP >

Release Announcements --------------------- This is the latest stable release of the Samba 4.18 release series. It contains the security-relevant bug CVE-2018-14628: ??? Wrong ntSecurityDescriptor values for "CN=Deleted Objects" ??? allow read of object tombstones over LDAP ??? (Administrator action required!) ??? https://www.samba.org/samba/security/CVE-2018-14628.html

Release Announcements --------------------- This is the latest stable release of the Samba 4.18 release series. It contains the security-relevant bug CVE-2018-14628: ??? Wrong ntSecurityDescriptor values for "CN=Deleted Objects" ??? allow read of object tombstones over LDAP ??? (Administrator action required!) ??? https://www.samba.org/samba/security/CVE-2018-14628.html

Release Announcements --------------------- This is the latest stable release of the Samba 4.19 release series. It contains the security-relevant bug CVE-2018-14628: ??? Wrong ntSecurityDescriptor values for "CN=Deleted Objects" ??? allow read of object tombstones over LDAP ??? (Administrator action required!) ??? https://www.samba.org/samba/security/CVE-2018-14628.html

Release Announcements --------------------- This is the latest stable release of the Samba 4.19 release series. It contains the security-relevant bug CVE-2018-14628: ??? Wrong ntSecurityDescriptor values for "CN=Deleted Objects" ??? allow read of object tombstones over LDAP ??? (Administrator action required!) ??? https://www.samba.org/samba/security/CVE-2018-14628.html

Hi all I am trying to create a script to migrate our current old Samba3 LDAP based domain to a new Samba4 (4.0.9, Sernet compilation) domain. We have 3 servers, all replicating. If I add a user using samba-tool, all wotks fine, but If I try to create a user using a Python script, for example, with this LDIF: dn: cn=XXXXXXX,OU=Usuarios,OU=dept,DC=org,DC=test displayName: XXXXX samAccountName:

Hi everyone, I know this one has been addressed before. I have had so much trouble getting the IDEALX scripts to work that I set about writing my own and they almost work. The trouble is with the add machine script. The first time I do the join, I get an access denied error message on WinXP. I have verified that an entry for the machine was successfully created in ldap. Then, I try again

Hi, A while ago I successfully set permissions on a section of my LDAP / AD tree, using either ADUC or ADSIEDIT (I forget which). These permissions allowed my own user to access this section of the tree; I removed permissions for 'Domain Admins' etc. to ensure that others would not be able to view or change the data - this has worked great for many months. I have just tried to add a new