similar to: AD, ACLs on LDAP objects not replicated?

On 8/30/2016 9:44 AM, mathias dufresne via samba wrote: > Hi all, > > Playing with delegation today we delegated rights to some user on some OU > and its contents for it can modify users inside that OU and children. > We used "advanced view" in ADUC then "properties" on our delegated OU, then > "security" tab, and finally we gave rights to our user.

On 2015-10-29 12:23, Rowland Penny wrote: > On 29/10/15 09:47, Davor Vusir wrote: >> On 2015-10-29 09:52, Rowland Penny wrote: >>> On 29/10/15 08:34, Davor Vusir wrote: >>>> Hi all! >>>> >>>> We have got many delegations in our AD. To add a certain >>>> administrator group to the local Administrators group you can use

mathias dufresne skrev den 2015-10-29 14:31: > I'm thick :D > I don't really understand more :( > No. I'm having trouble explaining. Maybe these threads are more enlightning: https://lists.samba.org/archive/samba/2015-April/191020.html and http://www.spinics.net/lists/samba/msg123646.html. > Samba can share file, printers and when samba hosts a domain samba is also

On 03/11/15 08:10, Davor Vusir wrote: > > > No, Davor. That won't work. The delegated user account is not member > of 'AD\Domain Admins' which is member of the group > 'SERVER\Administrators'. You have to use the username map to be able > to add the first AD-group or account to 'SERVER\Administrators'. > No, Davor, you don't have to use a

Ok Mathias.. I hoop this helps a bit. https://technet.microsoft.com/nl-nl/library/cc816941(v=ws.10).aspx now type : nslookup -type=soa internal.domain.tld or nslookup -debug -type=soa internal.domain.tld and look at nslookup -debug -type=soa internal.domain.tld ip_of_a_NS1-server. nslookup -debug -type=soa internal.domain.tld ip_of_a_NS2-server. And see.. The soa record contains only

On 2015-10-29 21:32, Rowland Penny wrote: > On 29/10/15 19:38, Davor Vusir wrote: >> >> >> mathias dufresne skrev den 2015-10-29 14:31: >>> I'm thick :D >>> I don't really understand more :( >>> >> >> No. I'm having trouble explaining. Maybe these threads are more >> enlightning: >>

On 04/11/15 15:09, mathias dufresne wrote: > As Davor wants to delegate I expect he does not want to give > Administrator password to these persons ;) And using a keytab to > avoid giving them the password is not a solution: they would be able > to perform everything they want on samba, which is certainly far from > the delegation he initially thought... Ah, what I posted was

2016-05-19 19:06 GMT+02:00 Rowland penny <rpenny at samba.org>: > On 19/05/16 17:37, lejeczek wrote: > >> >> >> On 19/05/16 16:49, Rowland penny wrote: >> >>> On 19/05/16 15:50, lejeczek wrote: >>> >>>> fellow users >>>> >>>> I'd like to ask is it possible, and if yes what's the correct way to

Hi All, I've been testing Samba 4.5.1 extensively as an AD DC. We have 3 DC set up, and replication of users, groups, OUs, DNS etc has been working fine. However we wanted to add some custom attributes and a class to the schema (an assortment of string and numericalString) for our own purposes. This also worked fine (and the Schema replication worked), but some oddness happened when we

On 2015-10-29 09:52, Rowland Penny wrote: > On 29/10/15 08:34, Davor Vusir wrote: >> Hi all! >> >> We have got many delegations in our AD. To add a certain >> administrator group to the local Administrators group you can use GPO >> for Windowsservers. As Samba does not understand GPO I have initially >> used the "username map" feature to add a

Hi, Following that link https://support.microsoft.com/en-us/kb/932455 we created a delegation to permit some group to add computers into AD. That works except if some computer with same name was already added (even if this computer with same name was previously cleanly removed from AD). Anyone who has idea what we missed? Cheers, M.

For me: - SOA means where updates can be sent. - SOA can be one or several. - NS is a record to help non-authoritative name servers to find a valid name server for the zone they receive a request and they don't know anything about that zone. - SOA is often declared as NS, I agree. I explained this is not mandatory. There is no link between these two notions except they share a zone. You are

Hi, It has been a while that I did not come back to this topic, however I think I found a work-around for my initial problem. For information, what I was trying to do was: - Create an OU for a group of applications - Delegate control of this OU to a normal user (not helpdesk or domain admin) to be able to create groups and assign domain users to them The problem was, whenever I

Hello Samba group, I ran into a problem concerning Dovecot LDAP authentication to the Samba4 Active Directory. Background: I want to install a Openchange+Samba4 environment using Sogo, Dovecot and Postfix. I didn't want to use openldap as described in the Openchange documentation, why should I use 2 LDAP databases? Fedora 17, latest updates applied Samba: Version 4.1.0pre1-GIT-813bd03

ZFS Fans, Here''s a list of features that we are proposing for Solaris 10u5. Keep in mind that this is subject to change. Features: PSARC 2007/142 zfs rename -r PSARC 2007/171 ZFS Separate Intent Log PSARC 2007/197 ZFS hotplug PSARC 2007/199 zfs {create,clone,rename} -p PSARC 2007/283 FMA for ZFS Phase 2 PSARC/2006/465 ZFS Delegated Administration PSARC/2006/577 zpool property to

I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7 Pro client. When I select the option "Account is sensitive and cannot be delegated" (in Active Directory Users and Computers under the Account tab) for a user account regardless of its

Client: Windows XP pro, in an AD 2003 domain, running SecureCRT 4.1.11. I've also got MIT Kerberos for Windows installed on the client, and Leash shows that my tickets ARE forwardable. Server: Solaris 8 Sparc server, with MIT Kerberos (krb5-1.4.1), and OpenSSH 4.0p1. I've created two AD accounts, and extracted keys mapped to "host/hostname.domainname.com at REALM.COM" and

On 6/1/2018 23:55, Andrew Bartlett wrote: > On Sat, 2018-01-06 at 11:11 +0000, Antonios Kalkakos via samba wrote: >> I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7 Pro client. >> >> When I select the option "Account is

On 8/18/2015 10:46 AM, Alessio Cecchi wrote: > Hi, > > in this tipical setup (Dovecot/Director thate share Maildir via NFS) on > your NFS Server you have (about) 90% of read operations and only 10% of > write operations. > > If you see detailed stats for NFS operations you have 40-50% of GETATTR, > this means that NFS/Dovecot clients are caching data (mainly dovecot >

Hi all, I've been spending some time with customers lately and I've discovered an interesting thing. Many IT departments completely delegate the settings on directory and file ACLs to the users who are interested in the data. For example, on a given share for "Finance", the finance group is given full control on the containing directory (ie. they're allowed to set ACLs on