On Mon, 2013-05-20 at 20:04 +0200, Marc Muehlfeld wrote:
> Hello Andrew,
>
> On 19.05.2013 13:39, Andrew Bartlett wrote:
> >> Have you read the 'Known issues/limitations' on that page
> >> (http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Known_issues.2Flimitations)?
> >>
> >> You still need 'acl:search=false' in your smb.conf, even if you run the
> >> latest version.
> >
> > If that is the case, after resetting the ACLs or on a fresh provision,
> > please file a bug, showing how windows does it differently. We match
> > windows behaviour now, as far as we know.
>
> The bug report about that, already exists:
> https://bugzilla.samba.org/show_bug.cgi?id=9788
>
> Because I don't have Windows servers, I have no way to find out how
> Windows reacts.

You can download trial versions of Windows 2008r2 for testing and
evaluation purposes.

> But when I wrote the "Join machines to the Domain as non-Domain-Admin"
> Howto, I take over the steps from MS:
> http://support.microsoft.com/kb/932455/en-us
>
> That's why I think, samba is still doing something different on
> delegation, than MS in that case, if I have to use 'acl:search=false'.

We need far, far more detail - using this ACL, this attribute is
visible/modified on windows but not on Samba - to be able to address
this.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org