[Samba] sysvol acl's broken beyond repair
Rowland Penny
rowlandpenny241155 at gmail.com
Sat Oct 3 09:09:11 UTC 2015
On 03/10/15 00:50, Krutskikh Ivan wrote:
> Hi everyone.
>
> I ran into notorios gpo error on windows clients. When I go to my dc
> controller and run
> samba-tool ntacl sysvolcheck
>
> I get an error:
>
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> ProvisioningError: DB ACL on GPO directory
> /usr/local/samba/var/locks/sysvol/tsnr.mtt/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
> O:LAG:DAD:P
> does not match expected value
> O:DAG:DAD:P
>
I am not sure this is your problem, if you look very carefully, there is
only one letter different between what is found and what is expected.
This one letter means that Local Administrators (LA) owns the policy
instead of Domain Administrators (DA), who should have access to the
policy is correct.
Is there anything in the event log on a PC when it tries to use the policy?
Rowland
More information about the samba
mailing list