Samba 4.0 ntacl sysvolcheck

Andrew Bartlett abartlet at
Sat Dec 29 16:02:55 MST 2012

On Sat, 2012-12-29 at 17:21 +0100, Gémes Géza wrote:
> Hi,
> Today I've (finally) upgraded our production DCs from rc3 to 4.0 and 
> hoping to fix some sysvol acls run samba-tool ntacl sysvolreset on them 
> (which went fine, without errors), and after that a ntacl sysvolcheck 
> which produced (on both DCs):

> I've added acl:search = false to the smb.conf, have log level = 0 and 
> using a bind dlz backend the rest is at the default values.
> The domain was created by a classicupgrade at beta8 then upgraded to 
> various rc levels (the last one being rc3) from which today it was 
> upgraded to 4.0 final.
> Please tell me if you need more detail.

I'm aware of this known issue on classicupgrade domains, but please file
a bug so we can track getting this fixed (if possible).  The issue is
that we do not have a way to map 'domain admins' to a UID, so we punt
and make the file owned by 'administrator' instead.  I thought I had a
way to force the owner to be falsely reported to clients and 'samba-tool
ntacl sysvolcheck', but this seems not to be working. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list