[Samba] samba4 second dc:s sysvol rights

Hannu Tikka hannu.tikka at rpkk.fi
Thu Oct 11 01:59:14 MDT 2012


I have a samba4 domain with two r/w directory controllers.
The second server's sysvol share doesn't allow access to normal users; only
admin users can access the share.
The problem is the same with both ntvfs and s3fs.
Sysvolreset doesn't help and sysvolcheck doesn't complain about anything.
POSIX file ACLs are identical to those on the first server, which works OK.

I have granted rights for Everyone, a specific user and the Domain Users group,
but the result is always the same.


Here is the log for an admin user accessing the share:
-----------------
Successfully converted security token to a unix token:Security token SIDs
(17):
  SID[  0]: S-1-5-21-xxx-xxx-xxx-1005
  SID[  1]: S-1-5-21-xxx-xxx-xxx-513
  SID[  2]: S-1-5-21-xxx-xxx-xxx-1010
  SID[  3]: S-1-5-21-xxx-xxx-xxx-1747
  SID[  4]: S-1-5-21-xxx-xxx-xxx-1011
  SID[  5]: S-1-5-21-xxx-xxx-xxx-2612
  SID[  6]: S-1-5-21-xxx-xxx-xxx-1026
  SID[  7]: S-1-5-21-xxx-xxx-xxx-512
  SID[  8]: S-1-5-21-xxx-xxx-xxx-572
  SID[  9]: S-1-5-21-xxx-xxx-xxx-1181
  SID[ 10]: S-1-5-21-xxx-xxx-xxx-520
  SID[ 11]: S-1-5-32-550
  SID[ 12]: S-1-5-32-545
  SID[ 13]: S-1-5-32-544
  SID[ 14]: S-1-1-0
  SID[ 15]: S-1-5-2
  SID[ 16]: S-1-5-11
Privileges (0x        1FFFFF00):
  Privilege[  0]: SeTakeOwnershipPrivilege
  Privilege[  1]: SeBackupPrivilege
  Privilege[  2]: SeRestorePrivilege
  Privilege[  3]: SeRemoteShutdownPrivilege
  Privilege[  4]: SeSecurityPrivilege
  Privilege[  5]: SeSystemtimePrivilege
  Privilege[  6]: SeShutdownPrivilege
  Privilege[  7]: SeDebugPrivilege
  Privilege[  8]: SeSystemEnvironmentPrivilege
  Privilege[  9]: SeSystemProfilePrivilege
  Privilege[ 10]: SeProfileSingleProcessPrivilege
  Privilege[ 11]: SeIncreaseBasePriorityPrivilege
  Privilege[ 12]: SeLoadDriverPrivilege
  Privilege[ 13]: SeCreatePagefilePrivilege
  Privilege[ 14]: SeIncreaseQuotaPrivilege
  Privilege[ 15]: SeChangeNotifyPrivilege
  Privilege[ 16]: SeUndockPrivilege
  Privilege[ 17]: SeManageVolumePrivilege
  Privilege[ 18]: SeImpersonatePrivilege
  Privilege[ 19]: SeCreateGlobalPrivilege
  Privilege[ 20]: SeEnableDelegationPrivilege
 Rights (0x             403):
  Right[  0]: SeInteractiveLogonRight
  Right[  1]: SeNetworkLogonRight
  Right[  2]: SeRemoteInteractiveLogonRight
----------------

And as a normal user:

----------------
Successfully converted security token to a unix token:Security token SIDs
(6):
  SID[  0]: S-1-5-21-xxx-xxx-xxx-1345
  SID[  1]: S-1-5-21-xxx-xxx-xxx-513
  SID[  2]: S-1-5-32-545
  SID[  3]: S-1-1-0
  SID[  4]: S-1-5-2
  SID[  5]: S-1-5-11
 Privileges (0x               0):
 Rights (0x               0):
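
An added example, not part of the original post: a small parser for token dumps in the format shown above that reports which SIDs a working and a failing session have in common. The function names are hypothetical and the sample dumps are constructed (abridged from the two dumps in the post, with the counts adjusted).

```python
import re

# Well-known SIDs and domain RIDs (standard Windows values).
WELL_KNOWN = {"S-1-1-0": "Everyone", "S-1-5-2": "NETWORK",
              "S-1-5-11": "Authenticated Users",
              "S-1-5-32-544": "BUILTIN\\Administrators",
              "S-1-5-32-545": "BUILTIN\\Users"}
DOMAIN_RIDS = {"512": "Domain Admins", "513": "Domain Users"}

def parse_token(dump):
    """Return the SIDs of one token dump, checking the declared count."""
    declared = re.search(r"Security token SIDs\s*\((\d+)\):", dump)
    sids = re.findall(r"SID\[\s*\d+\]:\s*(S-1(?:-\w+)+)", dump)
    if declared is None or int(declared.group(1)) != len(sids):
        raise ValueError("truncated or malformed token dump")
    return sids

def label(sid):
    """Name a SID where it is well known; otherwise show its RID."""
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    rid = sid.rsplit("-", 1)[1]
    return DOMAIN_RIDS.get(rid, "RID " + rid) if sid.startswith("S-1-5-21-") else sid

def compare(working, failing):
    """Split the working token's SIDs into (shared, only_in_working)."""
    have = set(parse_token(failing))
    shared, only = [], []
    for sid in parse_token(working):
        (shared if sid in have else only).append(label(sid))
    return shared, only

# Constructed sample: abridged from the two dumps in the post, counts adjusted.
ADMIN = """Security token SIDs
(5):
  SID[  0]: S-1-5-21-xxx-xxx-xxx-1005
  SID[  1]: S-1-5-21-xxx-xxx-xxx-513
  SID[  2]: S-1-5-21-xxx-xxx-xxx-512
  SID[  3]: S-1-5-32-544
  SID[  4]: S-1-1-0
"""
USER = """Security token SIDs (3):
  SID[  0]: S-1-5-21-xxx-xxx-xxx-1345
  SID[  1]: S-1-5-21-xxx-xxx-xxx-513
  SID[  2]: S-1-1-0
 Privileges (0x               0):
"""

if __name__ == "__main__":
    shared, only = compare(ADMIN, USER)
    print("in both tokens:     ", shared)
    print("only in admin token:", only)
```

SIDs listed as shared are already present in the failing session's token, so an ACE granted to one of them applies to that session as well.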



