[Samba] SYSVOL ACLs and GPOs

[Andriesvn]

Hi Andrew

I appear to be having the same problem that Alex has. Except i am running
Ubuntu Server 12.04 x64. I have been experiencing this problem since RC2 and
thought i might have installed incorrectly. I have done about 5 Fresh Server
installs and all of them end with the same results. Clients cant access GPO,
sysvolreset has no effect and sysvolcheck keeps poping up a "VFS ACL on GPO
directory" error. getfacl after sysvolreset on a gpo dir returns the
following:

 # file: {yadayada}
 # owner : 3000008
 # group : users
user::rwx
user:3000008:rwx
group::---
group:3000002:r--
group:3000003:r--
group:3000006:r--
group:3000008:r--
group:3000010:r--
mask::rwx
other::---

On some GPO dir`s i get an extra default as follows:
default:user::rwx
default:user:3000008:rwx
default:group::---
default:group:3000002:rwx
default:group:3000003:r-x
default:group:3000006:rwx
default:group:3000008:rwx
default:group:3000010:r-x
default:mask::rwx
default:other::---

since i saw the default popup it tried setting the default as the effective
permissions but still no result.

sysvol permissions are always as follows:
root at samba4:/usr/local/samba # getfacl var/locks/sysvol 
# file: var/locks/sysvol 
# owner: root 
# group: 3000000 
user::rwx 
user:root:rwx 
group::r-- 
group:3000000:r-- 
group:3000001:r-- 
group:3000002:r-- 
group:3000003:r-- 
mask::rwx 
other::--- 

a workaround that seemed to work for me was to set all permissions on sysvol
to rwx. This allowed clients to read and apply the GPO`s. I know the
permissions are not correct but i needed a fix.

So this appears to be a problem not only related to FreeBSD.

Regards
Andries van Niekerk



--
View this message in context: http://samba.2283325.n4.nabble.com/Re-Samba-SYSVOL-ACLs-and-GPOs-tp4639348p4639656.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.