Samba 4.0 ntacl sysvolcheck
abartlet at samba.org
Sat Dec 29 16:02:55 MST 2012
On Sat, 2012-12-29 at 17:21 +0100, Gémes Géza wrote:
> Today I've (finally) upgraded our production DCs from rc3 to 4.0 and
> hoping to fix some sysvol acls run samba-tool ntacl sysvolreset on them
> (which went fine, without errors), and after that a ntacl sysvolcheck
> which produced (on both DCs):
> I've added acl:search = false to the smb.conf, have log level = 0 and
> using a bind dlz backend the rest is at the default values.
> The domain was created by a classicupgrade at beta8 then upgraded to
> various rc levels (the last one being rc3) from which today it was
> upgraded to 4.0 final.
> Please tell me if you need more detail.
I'm aware of this known issue on classicupgrade domains, but please file
a bug so we can track getting this fixed (if possible). The issue is
that we do not have a way to map 'domain admins' to a UID, so we punt
and make the file owned by 'administrator' instead. I thought I had a
way to force the owner to be falsely reported to clients and 'samba-tool
ntacl sysvolcheck', but this seems not to be working.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical