[Samba] samba Digest, Vol 155, Issue 24; Still can't figure out acl issues

jimc jesmeyano at gmail.com
Wed Nov 18 20:58:41 UTC 2015


Yes, I did an fsck from a boot dvd. It came up clean.

I did a recursive setfacal to set all acls to default.

On 18 Nov 2015, at 03:33, jimc<jesmeyano at gmail.com>  wrote:

Yah, jimc again.

I still cannot figure out what is wrong with my dc. The problem began with being unable to log on from Windows boxes after a power hit.

The initial symptoms were:

1) When I log in on a Windows machine, with an account that should have
administrator permissions, I don't have said admin rights.

2) When I attempt to launch the Windows remote server tools, I can
select the server, but when I attempt to connect I get the ever popular
'rpc server unavailable'.

3) When I run 'samba-tool gpo aclcheck', I get an uncaught exception
error (-1073741705) 'Indicates the ACL structure is is not valid'.
Followed, of course, by the unwinding call stack.

4) smbclient //localhost/netlogon -UAdministrator -c 'ls' nets me the
message:
'Domain=[ozco] os=[unix] Server=[Samba 4.3.1]
NT_STATUS_INVALID_ACL listing \*'

After much wailing and gnashing of teeth, I did a setfacl.

Now, 'samba-tool gpo aclcheck' returns "uncaught exception - (-1073741790 'access denied')".


1) Did you run a disk check (fsck) on your DC after the outage?
2) Did you try to reset ACL's on your Sysvol?

Viktor




More information about the samba mailing list