[Samba] SYSVOL ACLs and GPOs
Alex Matthews
qoole.samba at lillimoth.com
Wed Oct 24 03:49:58 MDT 2012
Hi,
I have installed a virtual testing network consisting of one samba4 PDC
(latest git master) and one Windows XP Pro SP3 (fully updated)machine.
I have successfully provisioned an AD Domain and joined the XP machine
to it.
When I run the gpmc on the XP Pro machine and select:
Forest: <domain name> -> Domains -> <domain name> -> Group Policy
Objects -> Default Domain [Controller | Policy]
I get the following error:
"The permissions for this GPO in the SYSVOL folder are inconsistent with
those in Active Directory.
It is recommended that these permissions be consistent.
To change the SYSVOL permissions to those in Active Directory, click OK."
Hitting ok I get no error but as soon as I reselect THE SAME entry I get
the same error, it doesn't seem to be able to fix the ACL.
I have found one post about this on the list
(https://bugzilla.samba.org/show_bug.cgi?id=5483)but apparently it was
"fixed" a long time ago.
Seeing as I'm using the latest version I would assume this is a
different issue.
If I try to change any of the ACLs on either of the folders in
\\<pdc>\sysvol\<domain name>\Policies\ by hand I get no errors however
the change doesn't stick.
Looking at the samba log files:
I get this when I start gpmc and click ok:
http://pastebin.com/7rBKyU1B
I get this when I start gpmc and don't click ok:
http://pastebin.com/B3DMSE1T
I get this when I alter the ACLs manually (after line 479 is when I
actually alter the ACLs):
http://pastebin.com/2mEvWX6K
My smb.conf is stock. No alterations.
The server OS is Ubuntu 12.04.
The filesystem is ext4 mounted with the following options:
"errors=remount-ro,acl,user_xattr,barrier=1".
I have all acl packages installed that I have seen referenced by samba
or in posts of a similar nature.
Thanks,
Alex
More information about the samba
mailing list