Bug 9384 - New 'samba-tool gpo aclcheck' fails against windows
Summary: New 'samba-tool gpo aclcheck' fails against windows
Status: NEW
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.0.0rc4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 9406
Blocks:
  Show dependency treegraph
 
Reported: 2012-11-12 09:35 UTC by Andrew Bartlett
Modified: 2015-07-31 08:18 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2012-11-12 09:35:27 UTC
We need to understand how to correctly convert GPO ACLs in LDAP into FS ACLs, and have a tool that proves we know this by passing against windows and Samba.
Comment 1 Andrew Bartlett 2012-11-19 23:19:59 UTC
The new test, which now passes against windows for new GPOs (but not the default ones, unfortunately) is in master and in the mega-patch for 4.0 in bug #9406.

In particular, we simply do not set and avoid comparing the SACL, the rest of the conversion seems to be OK.
Comment 2 Stefan Metzmacher 2012-12-04 11:01:24 UTC
The state in 4.0 should be ok, but still not compatible with windows.

I have some further patches under:
https://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-ad-acls
Comment 3 Stefan Metzmacher 2013-08-29 07:09:10 UTC
No 4.1 blocker => 4.2
Comment 4 Karolin Seeger 2013-12-10 15:39:50 UTC
Any news on this one?