[Samba] Fwd: Cannot edit GPO's anymore via RSAT

Marc Muehlfeld mmuehlfeld at samba.org
Mon May 26 05:51:56 MDT 2014


Hello George,


Am 25.05.2014 12:13, schrieb George Itee:
> The old DC has *Authenticated Users* - Read&Execute, List, Read; *System* -
> Full control; *Administrators Group* - Full Control; *Server Operators* -
> Read&Execute, List, Read >>> this is working properly
> 
> The current DC has *Everyone* - none; *CREATOR OWNER* - Special; *CREATOR
> GROUP* - none; *Administrator* - Full control;/// *Authenticated Users* -
> Read&Execute, List, Read; *System* - Full control; *Administrators Group* -
> Full Control; *Server Operators* - Read&Execute, List, Read  >>> this is
> not working
> 
> As you can see, the current sysvol share has 4 new ACL's. On both the
> current and the old, the Administrator is the Owner. But i cannot remove
> these new ACL's, even logged in with the admin account. They just keep
> popping back in the security tab.


What version was the "old DC" running? Early 4.0 version had some wrong
ACLs that where later fixed.

I don't have a MS Windows DC, so I can't say, if the current ACLs are
the default ones, a MS DC sets, when creating SysVol. Do you have a
change to test this? If MS differs from Samba, you should file a bug
report about that (please add detailed information/screenshots).




> How can I set them like the old DC via the linux command line?

But you can of course change the ACLs to your needs. Currently there is
no way to set the Windows ACLs on a share via cmd line. And
file/directory permissions isn't very userfriendly. The preferred way is
to use the "windows way":

https://wiki.samba.org/index.php/Setup_and_configure_file_shares#Change_permissions_on_folders_of_a_share



Regards,
Marc


More information about the samba mailing list