[Samba] Samba4: Folder Redirection GPO not working with Windows 7
steve
steve at steve-ss.com
Tue Oct 9 09:36:00 MDT 2012
On 08/10/12 18:23, steve wrote:
> On 08/10/12 17:40, mat at matws.net wrote:
>> Ok can you check that this simple user can go in the \\server\sysvol
>> folder and then access all the files under <dnsnamedomain>/policies
>> and cross check that this gpo is really applied by setting in the same
>> gpo a rule for the wallpaper or something else visible.
>>
>
> Hi
> I set the wallpaper in the same gpo:
> http://dl.dropbox.com/u/45150875/gpowallpaper.png
>
> This popup appears each time Administrator starts the GPO editor:
> http://dl.dropbox.com/u/45150875/sysvolerror.png
>
> Clicking OK gives 'Access is denied'. Same error whether I have run
> samba-tool ntacl sysvolreset or not. The GPO is created however.
>
> Results:
> 1. Ordinary users can read anything in the sysvol share
> 2. The wallpaper GPO is ignored both for W7 Administrator and for W7 users.
>
> note: The wallpaper GPO doesn't work on XP either but I don't think it
> was implemented then.
>
> Cheers,
> Steve
>
Hi
I updated today tothe latest from master:
Version 4.1.0pre1-GIT-e65a24bed
and ran:
samba-tool ntacl sysvolreset --use-s3fs
Now no user can enter sysvol:
getfacl sysvol/
# file: sysvol/
# owner: root
# group: wheel
# flags: s--
user::rwx
user:root:rwx
group::r--
group:wheel:r--
group:3000000:r--
group:3000001:r--
group:3000002:r--
mask::rwx
other::---
Any ideas how I can get domain users to enter and read the gpo's? I've
tried with 0755 but windows doesn't seem to know about it. Any attempt
to set the ACL on windows fils. Is it possible to set the ACL from
windows 7 on s3fs?
Cheers,
Steve
More information about the samba
mailing list