[Samba] Administrator lost write privileges to sysvol (Can't add/edit anything using RSAT Tools)
L.P.H. van Belle
belle at bazuin.nl
Thu Jan 23 15:53:08 UTC 2020
Ah, OK, I misread that.
So it's something in the DB.
Are the SePrivileges checked?
I use something like this for that.
SEPRIVILEGE="SeMachineAccountPrivilege \
SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege \
SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege \
SeDiskOperatorPrivilege SeSecurityPrivilege SeSystemtimePrivilege \
SeShutdownPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege \
SeSystemProfilePrivilege SeProfileSingleProcessPrivilege \
SeIncreaseBasePriorityPrivilege SeLoadDriverPrivilege \
SeCreatePagefilePrivilege SeIncreaseQuotaPrivilege SeChangeNotifyPrivilege \
SeUndockPrivilege SeManageVolumePrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege \
SeEnableDelegationPrivilege"
kinit Administrator
for sepriv in $SEPRIVILEGE ; do
    # For a member server.
    net rpc rights list privileges "$sepriv" -S "$(hostname -f)" -k
    # samba-tool dsacl get ?
    # (I never had to check that, so: the above command, but then for AD-DCs.)
done
kdestroy
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny via samba
> Sent: Thursday 23 January 2020 16:31
> To: samba at lists.samba.org
> Subject: Re: [Samba] Administrator lost write privileges to sysvol (Can't add/edit anything using RSAT Tools)
>
> On 23/01/2020 15:06, L.P.H. van Belle via samba wrote:
> > I haven't read the complete thread, but was "Create Group" set on the share?
> >
> > What does getfacl say on the file/folder?
> >
> > Deny takes precedence over Allow.
> >
> > Your setup on sysvol shows :
> > getfacl /usr/local/samba/var/locks/sysvol
> > getfacl: Removing leading '/' from absolute path names
> > # file: usr/local/samba/var/locks/sysvol
> > # owner: 3000000
> > # group: 3000000
> > user::rwx
> > user:root:rwx
> > user:3000000:rwx
> > user:3000001:r-x
> > user:3000002:rwx
> > user:3000003:r-x
> > group::rwx
> > group:3000000:rwx
> > group:3000001:r-x
> > group:3000002:rwx
> > group:3000003:r-x
> > mask::rwx
> > other::r-x
> > default:user::rwx
> > default:user:root:rwx
> > default:user:3000000:rwx
> > default:user:3000001:r-x
> > default:user:3000002:rwx
> > default:user:3000003:r-x
> > default:group::r-x
> > default:group:3000000:rwx
> > default:group:3000001:r-x
> > default:group:3000002:rwx
> > default:group:3000003:r-x
> > default:mask::rwx
> > default:other::rwx
> >
> > Compared to mine.
> > # file: home/samba/sysvol
> > # owner: root
> > # group: root
> > # flags: -s-
> > user::rwx
> > user:root:rwx
> > user:BUILTIN\\administrators:rwx
> > user:BUILTIN\\server\040operators:r-x
> > user:NT\040AUTHORITY\\system:rwx
> > user:NT\040AUTHORITY\\authenticated\040users:r-x
> > group::rwx
> > group:BUILTIN\\administrators:rwx
> > group:BUILTIN\\server\040operators:r-x
> > group:NT\040AUTHORITY\\system:rwx
> > group:NT\040AUTHORITY\\authenticated\040users:r-x
> > mask::rwx
> > other::---
> > default:user::rwx
> > default:user:root:rwx
> > default:user:BUILTIN\\administrators:rwx
> > default:user:BUILTIN\\server\040operators:r-x
> > default:user:NT\040AUTHORITY\\system:rwx
> > default:user:NT\040AUTHORITY\\authenticated\040users:r-x
> > default:group::---
> > default:group:BUILTIN\\administrators:rwx
> > default:group:BUILTIN\\server\040operators:r-x
> > default:group:NT\040AUTHORITY\\system:rwx
> > default:group:NT\040AUTHORITY\\authenticated\040users:r-x
> > default:mask::rwx
> > default:other::---
> > default:other::---
> >
> > You see the differences..
> >
> > I think it's mostly share of ACL rights that need to be corrected.
> >
> >
> Hi Louis, I don't think the problem has anything to do with sysvol
> (though I am open to having my mind changed), the problem seems to have
> something to do with Administrator no longer being able to write to AD
> from ADUC.
>
> Rowland
>
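
The two getfacl listings quoted above name their entries differently (numeric xids versus account names), so a plain line-by-line diff flags every named entry. As an added example, not part of the original post, this Python sketch compares only the unnamed entries and lists what "other" is granted; the sample strings are excerpts of the two quoted listings and the function names are hypothetical.

```python
# Added example: compare the ID-independent entries of two getfacl listings.
# ACL_A and ACL_B are excerpts of the two sysvol listings quoted in the thread.
ACL_A = r"""# file: usr/local/samba/var/locks/sysvol
user::rwx
user:3000000:rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:3000000:rwx
default:mask::rwx
default:other::rwx
"""
ACL_B = r"""# file: home/samba/sysvol
user::rwx
user:BUILTIN\\administrators:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:BUILTIN\\administrators:rwx
default:mask::rwx
default:other::---
"""

def parse_getfacl(text):
    """Return {(scope, tag, qualifier): perms} from getfacl text output."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop header comments and #effective notes
        if not line:
            continue
        scope = "access"
        if line.startswith("default:"):
            scope, line = "default", line[len("default:"):]
        tag, rest = line.split(":", 1)
        qualifier, perms = rest.rsplit(":", 1)
        acl[(scope, tag, qualifier)] = perms
    return acl

def base_entry_diff(a, b):
    """Unnamed entries (empty qualifier) that differ; these need no ID mapping to compare."""
    keys = sorted(k for k in set(a) | set(b) if k[2] == "")
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

def other_access(acl):
    """'other' entries granting any access; default:other is inherited by new files."""
    return {k: p for k, p in acl.items() if k[1] == "other" and p != "---"}

if __name__ == "__main__":
    a, b = parse_getfacl(ACL_A), parse_getfacl(ACL_B)
    print(base_entry_diff(a, b), other_access(a), other_access(b), sep="\n")
```

Named entries still need the idmap to be matched, for example by resolving each xid to its SID before comparing.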