Samb4 GPO Issues
Marc Muehlfeld
samba at marc-muehlfeld.de
Fri Jun 14 04:24:07 MDT 2013
Hello Mike,
Am 14.06.2013 10:29, schrieb Mike Howard:
> I've tried to match up the permissions using 'setfacl' (using a working
> GPO as the template), I've even tried chmod -R 777, just to see if
> access really is the issue, but still no go.
To reset the filesystem ACLs on the SysVol share you can use
# samba-tool ntacl sysvolreset
> 'samba-tool gpo aclcheck' gives me;
>
> ERROR: Invalid GPO ACL
> O:DAG:DAD:(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001200a9;;;DC)(A;OICI;0x001200a9;;;ED)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001f01ff;;;SY)(A;;0x001f01ff;;;DA)(A;;0x001f01ff;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;;;;CG)(A;OICIIO;;;;WD)
> on path
> (mydomain.co.uk\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}), should
> be
> O:DAG:DAD:PAR(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001200a9;;;DC)(A;OICI;0x001f01ff;;;EA)(A;OICI;0x001200a9;;;ED)
>
>
> but I can't see in samba-tool how to fix this.
I think "samba-tool dbcheck" could help you. Have a look to it's options
like
# samba-tool dbcheck --reset-well-known-acls
Before you reset, backup your samba installation directory. :-)
Regards,
Marc
More information about the samba-technical
mailing list