|
|
Hello Nadya,
I put more trace and I find the problem: defaultSecurityDescriptor was
not upgraded because previously I had a plan to make something rather
complicated with SD update that implied to have the previous SD.
So the story is solved no need to investigate more !
Sorry for the lost time on research ...
Matthieu.
On 26/11/2009 20:06, Matthieu Patou wrote:
Hello Nadya,
I'll need your help to help me to understand why I'm failling with the
upgradesprovision to correctly update some SD:
cn=administrator,cn=users,dc=smb4,dc=tst
cn=dns,cn=users,dc=smb4,dc=tst
cn=guest,cn=users,dc=smb4,dc=tst
cn=krbtgt,cn=users,dc=smb4,dc=tst
As all the other SD are OK I'm rather encline to think that the
update_sd does its job pretty well ... If you had a look at the
updateprovision.log you will see the DN then the updated SD and finally
the reference SDDL.
The SDDL share a lot but diverge on some points can you try to light my
way ?
Of course I also have problems with this but it's related to policy
object and we know that we still have a slight problem on one flag for
the SACL (so I'm not very nervous with this)
cn={f6f519f1-7ec2-4f98-9b87-3d05e2dc697b},cn=policies,cn=system,dc=smb4,dc=tst
cn=machine,cn{f6f519f1-7ec2-4f98-9b87-3d05e2dc697b},cn=policies,cn=system,dc=smb4,dc=tst
cn=user,cn{f6f519f1-7ec2-4f98-9b87-3d05e2dc697b},cn=policies,cn=system,dc=smb4,dc=tst
Of course let me know !
Matthieu
|
|