Displaying 20 results from an estimated 10000 matches similar to: "AD, ACLs on LDAP objects not replicated?"
2016 Aug 30
0
AD, ACLs on LDAP objects not replicated?
On 8/30/2016 9:44 AM, mathias dufresne via samba wrote:
> Hi all,
>
> Playing with delegation today we delegated rights to some user on some OU
> and its contents so that it can modify users inside that OU and children.
> We used "advanced view" in ADUC then "properties" on our delegated OU, then
> "security" tab, and finally we gave rights to our user.
2015 Oct 29
3
Local Administrators (group) and delegation in AD
On 2015-10-29 12:23, Rowland Penny wrote:
> On 29/10/15 09:47, Davor Vusir wrote:
>> On 2015-10-29 09:52, Rowland Penny wrote:
>>> On 29/10/15 08:34, Davor Vusir wrote:
>>>> Hi all!
>>>>
>>>> We have got many delegations in our AD. To add a certain
>>>> administrator group to the local Administrators group you can use
2015 Oct 29
2
Local Administrators (group) and delegation in AD
mathias dufresne skrev den 2015-10-29 14:31:
> I'm thick :D
> I don't really understand more :(
>
No. I'm having trouble explaining. Maybe these threads are more
enlightening:
https://lists.samba.org/archive/samba/2015-April/191020.html and
http://www.spinics.net/lists/samba/msg123646.html.
> Samba can share file, printers and when samba hosts a domain samba is also
2015 Nov 03
2
Local Administrators (group) and delegation in AD
On 03/11/15 08:10, Davor Vusir wrote:
>
>
> No, Davor. That won't work. The delegated user account is not member
> of 'AD\Domain Admins' which is member of the group
> 'SERVER\Administrators'. You have to use the username map to be able
> to add the first AD-group or account to 'SERVER\Administrators'.
>
No, Davor, you don't have to use a
2016 Apr 05
2
DNS issues after FSMO seize
Ok Mathias..
I hope this helps a bit.
https://technet.microsoft.com/nl-nl/library/cc816941(v=ws.10).aspx
now type :
nslookup -type=soa internal.domain.tld
or
nslookup -debug -type=soa internal.domain.tld
and look at
nslookup -debug -type=soa internal.domain.tld ip_of_a_NS1-server.
nslookup -debug -type=soa internal.domain.tld ip_of_a_NS2-server.
And see..
The soa record contains only
2015 Oct 30
2
Local Administrators (group) and delegation in AD
On 2015-10-29 21:32, Rowland Penny wrote:
> On 29/10/15 19:38, Davor Vusir wrote:
>>
>>
>> mathias dufresne skrev den 2015-10-29 14:31:
>>> I'm thick :D
>>> I don't really understand more :(
>>>
>>
>> No. I'm having trouble explaining. Maybe these threads are more
>> enlightening:
>>
2015 Nov 04
1
Local Administrators (group) and delegation in AD
On 04/11/15 15:09, mathias dufresne wrote:
> As Davor wants to delegate I expect he does not want to give
> Administrator password to these persons ;) And using a keytab to
> avoid giving them the password is not a solution: they would be able
> to perform everything they want on samba, which is certainly far from
> the delegation he initially thought...
Ah, what I posted was
2016 May 23
1
linux server a memeber of AD (with use of realm) - and samba?
2016-05-19 19:06 GMT+02:00 Rowland penny <rpenny at samba.org>:
> On 19/05/16 17:37, lejeczek wrote:
>
>>
>>
>> On 19/05/16 16:49, Rowland penny wrote:
>>
>>> On 19/05/16 15:50, lejeczek wrote:
>>>
>>>> fellow users
>>>>
>>>> I'd like to ask is it possible, and if yes what's the correct way to
2016 Nov 16
2
Replication of permissions on AD Directory not automatic
Hi All,
I've been testing Samba 4.5.1 extensively as an AD DC. We have 3 DC set
up, and replication of users, groups, OUs, DNS etc has been working fine.
However we wanted to add some custom attributes and a class to the
schema (an assortment of string and numericalString) for our own
purposes. This also worked fine (and the Schema replication worked), but
some oddness happened when we
2015 Oct 29
4
Local Administrators (group) and delegation in AD
On 2015-10-29 09:52, Rowland Penny wrote:
> On 29/10/15 08:34, Davor Vusir wrote:
>> Hi all!
>>
>> We have got many delegations in our AD. To add a certain
>> administrator group to the local Administrators group you can use GPO
>> for Windows servers. As Samba does not understand GPO I have initially
>> used the "username map" feature to add a
2016 Sep 02
4
AD, add computers delegation
Hi,
Following that link https://support.microsoft.com/en-us/kb/932455 we
created a delegation to permit some group to add computers into AD.
That works except if some computer with same name was already added (even
if this computer with same name was previously cleanly removed from AD).
Anyone who has idea what we missed?
Cheers,
M.
2016 Apr 05
3
DNS issues after FSMO seize
For me:
- SOA means where updates can be sent.
- SOA can be one or several.
- NS is a record to help non-authoritative name servers to find a valid
name server for the zone they receive a request and they don't know
anything about that zone.
- SOA is often declared as NS, I agree. I explained this is not mandatory.
There is no link between these two notions except they share a zone.
You are
2013 Aug 15
1
Samba4 & Delegation
Hi,
It has been a while that I did not come back to this topic, however I think I found a work-around for my initial problem.
For information, what I was trying to do was:
- Create an OU for a group of applications
- Delegate control of this OU to a normal user (not helpdesk or domain admin) to be able to create groups and assign domain users to them
The problem was, whenever I
2013 Jan 14
3
Samba4 AD delegation to read userPassword attribute
Hello Samba group,
I ran into a problem concerning Dovecot LDAP authentication to the Samba4 Active Directory.
Background: I want to install an Openchange+Samba4 environment using Sogo, Dovecot and Postfix. I didn't want to use openldap as described in the Openchange documentation, why should I use 2 LDAP databases?
Fedora 17, latest updates applied
Samba: Version 4.1.0pre1-GIT-813bd03
2007 Sep 19
8
ZFS Solaris 10u5 Proposed Changes
ZFS Fans,
Here's a list of features that we are proposing for Solaris 10u5. Keep
in mind that this is subject to change.
Features:
PSARC 2007/142 zfs rename -r
PSARC 2007/171 ZFS Separate Intent Log
PSARC 2007/197 ZFS hotplug
PSARC 2007/199 zfs {create,clone,rename} -p
PSARC 2007/283 FMA for ZFS Phase 2
PSARC/2006/465 ZFS Delegated Administration
PSARC/2006/577 zpool property to
2018 Jan 06
5
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7 Pro client.
When I select the option "Account is sensitive and cannot be delegated" (in Active Directory Users and Computers under the Account tab) for a user account regardless of its
2005 May 11
6
Need help with GSSAPI authentication
Client: Windows XP pro, in an AD 2003 domain, running SecureCRT 4.1.11.
I've also got MIT Kerberos for Windows installed on the client, and Leash
shows that my tickets ARE forwardable.
Server: Solaris 8 Sparc server, with MIT Kerberos (krb5-1.4.1), and
OpenSSH 4.0p1.
I've created two AD accounts, and extracted keys mapped to
"host/hostname.domainname.com at REALM.COM" and
2018 Jan 31
2
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
On 6/1/2018 23:55, Andrew Bartlett wrote:
> On Sat, 2018-01-06 at 11:11 +0000, Antonios Kalkakos via samba wrote:
>> I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7 Pro client.
>>
>> When I select the option "Account is
2015 Aug 18
2
NFSv4 delegation
On 8/18/2015 10:46 AM, Alessio Cecchi wrote:
> Hi,
>
> in this typical setup (Dovecot/Director that share Maildir via NFS) on
> your NFS Server you have (about) 90% of read operations and only 10% of
> write operations.
>
> If you see detailed stats for NFS operations you have 40-50% of GETATTR,
> this means that NFS/Dovecot clients are caching data (mainly dovecot
>
2005 Jul 18
9
Proposal to allow owning group to edit ACLs.
Hi all,
I've been spending some time with customers lately and I've
discovered an interesting thing. Many IT departments completely delegate
the settings on directory and file ACLs to the users who are interested
in the data.
For example, on a given share for "Finance", the finance group is given
full control on the containing directory (ie. they're allowed to set ACLs
on