[Samba] samba 4.1.13 not applying domain policy in windows XP clients
L.P.H. van Belle
belle at bazuin.nl
Tue Jun 16 01:31:51 MDT 2015
samba-tool ntactl sysvolreset wil reset the rights on your sysvol.
Thats the first your should try since it looks like an rights problem.
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: rllanes at scvc.artex.cu
>[mailto:samba-bounces at lists.samba.org] Namens Rene Llanes
>Verzonden: vrijdag 12 juni 2015 17:20
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] samba 4.1.13 not applying domain policy in
>windows XP clients
>
>Hello,
>
>i configured group policy via RSAT in my samba 4.1.13
>implementation the
>policy applies correctly to my windows 7 clients but not to my windows
>XP clients.
>
>when i run gpupdate /force in windows XP it replies that the policies
>are apply correctly .... when i run
>
>./samba-tool ntacl sysvolcheck
>ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
>exception -
>ProvisioningError: DB ACL on GPO directory
>/usr/local/samba/var/locks/sysvol/XX.XXXX.XXX/Policies/{6AC1786
>C-016F-11D2-945F-00C04FB984F9}
>O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A
>;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f0
>1ff;;;SY)(A;OICI;0x001200a9;;;ED)
>does not match expected value
>O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A
>;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f0
>1ff;;;SY)(A;OICI;0x001200a9;;;ED)
>from GPO object
> File
>"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__in
>it__.py",
>line 175, in _run
> return self.run(*args, **kwargs)
> File
>"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
>line 249, in run
> lp)
> File
>"/usr/local/samba/lib/python2.7/site-packages/samba/provision/_
>_init__.py",
>line 1726, in checksysvolacl
> direct_db_access)
> File
>"/usr/local/samba/lib/python2.7/site-packages/samba/provision/_
>_init__.py",
>line 1677, in check_gpos_acl
> domainsid, direct_db_access)
> File
>"/usr/local/samba/lib/python2.7/site-packages/samba/provision/_
>_init__.py",
>line 1624, in check_dir_acl
> raise ProvisioningError('%s ACL on GPO directory %s %s does not
>match expected value %s from GPO object' %
>(acl_type(direct_db_access),
>path, fsacl_sddl, acl))
>root at pdc:/usr/local/samba/bin#
>root at pdc:/usr/local/samba/bin# gpupdate /force
>bash: gpupdate: command not found
>^C ba/bin#
>root at pdc:/usr/local/samba/bin# ^C
>root at pdc:/usr/local/samba/bin# ./samba-tool gpo aclcheck
>ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No
>such element'
> File
>"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__in
>it__.py",
>line 175, in _run
> return self.run(*args, **kwargs)
> File
>"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/gpo.
>py", line
>1150, in run
> ds_sd_ndr = m['nTSecurityDescriptor'][0]
>
>
>my question are ... are this errors related with my initial
>issue ...can
>i fix it with samba-tool ntactl sysvolreset??? ... what exactly this
>command does ...
>
>thanx in advance
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list