[Samba-it] gpo
Corrado Ravinetto
corrado.ravinetto at lanificiocerruti.com
Wed Nov 14 10:43:10 UTC 2018
Ciao a tutti
ritorno sulla discussione.
Ho applicato delle gpo a livello di dominio, come il mapping di alcune
share e funziona.
Viene applicata a tutti gli authenticated users ed e' corretto.
Ora sto cercando di applicare una gpo ad un singolo gruppo di utenti
(chiamiamolo GruppoA), ma questa proprio non riesco a farla funzionare e
mi sono venuti alcuni dubbi:
ho creato la gpo e l'ho associata al solo GruppoA
per curiosita' sono andato a vedere la policy su linux e ho visto che e'
stata creata e come owner ha i domain users
primo dubbio: e' corretto il gruppo con la quale e' stata creata o
doveva essere GruppoA
Ho incluso UtenteA al GruppoA
Ho fatto il login con UtenteA.
Con gpresult ho verificato le policies applicate e quella generica a
livello di dominio e' stata applicata e ha fatto quello che doveva fare,
mentre la gpo legata al GruppoA segnala :
su windows 10
non la vede
su windows 7
non la vede
su xp
la vede ma non la applica
Con il visualizzatore di eventi non segnala nulla mentre nei log di
samba (con log level = 4) vedo che legge le policies, quella di default,
quella di dominio e poi la policy di GruppoA e alla fine da un
NT_STATUS_ACCESS_DENIED
[2018/11/14 10:53:02.135478, 4] ../source3/smbd/vfs.c:805(vfs_ChDir)
vfs_ChDir to
lxcerruti.com/Policies/{1A36EC9C-4888-4C21-98BF-A30AC0A50A0D}
[2018/11/14 10:53:02.135522, 4] ../source3/smbd/vfs.c:859(vfs_ChDir)
vfs_ChDir got
/home/samba/sysvol/lxcerruti.com/Policies/{1A36EC9C-4888-4C21-98BF-A30AC0A50A0D}
[2018/11/14 10:53:02.135567, 4] ../source3/smbd/vfs.c:805(vfs_ChDir)
vfs_ChDir to /home/samba/sysvol
[2018/11/14 10:53:02.135632, 4] ../source3/smbd/vfs.c:859(vfs_ChDir)
vfs_ChDir got /home/samba/sysvol
[2018/11/14 10:53:02.135661, 2] ../source3/smbd/open.c:1447(open_file)
LXCERRUTI\specola2 opened file
lxcerruti.com/Policies/{1A36EC9C-4888-4C21-98BF-A30AC0A50A0D}/GPT.INI
read=Yes write=No (numopen=1)
[2018/11/14 10:53:02.135920, 4] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(663, 513) : sec_ctx_stack_ndx = 1
[2018/11/14 10:53:02.135955, 4] ../source3/smbd/uid.c:527(push_conn_ctx)
push_conn_ctx(627) : conn_ctx_stack_ndx = 0
[2018/11/14 10:53:02.135978, 4]
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2018/11/14 10:53:02.136043, 4] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (663, 513) - sec_ctx_stack_ndx = 0
[2018/11/14 10:53:02.136534, 3] ../source3/smbd/process.c:1956(process_smb)
Transaction 29 of length 76 (0 toread)
[2018/11/14 10:53:02.136571, 3]
../source3/smbd/process.c:1543(switch_message)
switch message SMBtrans2 (pid 1209) conn 0x556baaa99ad0
[2018/11/14 10:53:02.136622, 3]
../source3/smbd/trans2.c:5726(call_trans2qfilepathinfo)
call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006
[2018/11/14 10:53:02.136670, 3]
../source3/smbd/trans2.c:5972(call_trans2qfilepathinfo)
call_trans2qfilepathinfo
lxcerruti.com/Policies/{1A36EC9C-4888-4C21-98BF-A30AC0A50A0D}/GPT.INI
(fnum 12396) level=1006 call=7 total_data=0
[2018/11/14 10:53:02.137431, 3] ../source3/smbd/process.c:1956(process_smb)
Transaction 30 of length 63 (0 toread)
[2018/11/14 10:53:02.137468, 3]
../source3/smbd/process.c:1543(switch_message)
switch message SMBreadX (pid 1209) conn 0x556baaa99ad0
[2018/11/14 10:53:02.137726, 3]
../source3/smbd/aio.c:276(aio_pread_smb1_done)
handle_aio_read_complete file
lxcerruti.com/Policies/{1A36EC9C-4888-4C21-98BF-A30AC0A50A0D}/GPT.INI
max=72 nread=72
[2018/11/14 10:53:02.138657, 3] ../source3/smbd/process.c:1956(process_smb)
Transaction 31 of length 90 (0 toread)
[2018/11/14 10:53:02.138700, 3]
../source3/smbd/process.c:1543(switch_message)
switch message SMBntcreateX (pid 1209) conn 0x556baaa99ad0
[2018/11/14 10:53:02.138811, 4] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(663, 513) : sec_ctx_stack_ndx = 1
[2018/11/14 10:53:02.138846, 4] ../source3/smbd/uid.c:527(push_conn_ctx)
push_conn_ctx(627) : conn_ctx_stack_ndx = 0
[2018/11/14 10:53:02.138869, 4]
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2018/11/14 10:53:02.138932, 4] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (663, 513) - sec_ctx_stack_ndx = 0
[2018/11/14 10:53:02.138981, 4]
../source3/smbd/open.c:3296(open_file_ntcreate)
calling open_file with flags=0x0 flags2=0x40 mode=0666, access_mask =
0x100000, open_access_mask = 0x100000
[2018/11/14 10:53:02.139013, 4] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(663, 513) : sec_ctx_stack_ndx = 1
[2018/11/14 10:53:02.139041, 4] ../source3/smbd/uid.c:527(push_conn_ctx)
push_conn_ctx(627) : conn_ctx_stack_ndx = 0
[2018/11/14 10:53:02.139063, 4]
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2018/11/14 10:53:02.139132, 4] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (663, 513) - sec_ctx_stack_ndx = 0
[2018/11/14 10:53:02.139203, 3]
../source3/smbd/error.c:82(error_packet_set)
NT error packet at ../source3/smbd/error.c(165) cmd=162
(SMBntcreateX) NT_STATUS_ACCESS_DENIED
--
*Corrado Ravinetto *
More information about the samba-it
mailing list