[Samba] sysvol acl's broken beyond repair

Rowland Penny rowlandpenny241155 at gmail.com
Sat Oct 3 09:09:11 UTC 2015


On 03/10/15 00:50, Krutskikh Ivan wrote:
> Hi everyone.
>
> I ran into notorious gpo error on windows clients. When I go to my dc
> controller and run
> samba-tool ntacl sysvolcheck
>
> I get an error:
>
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> ProvisioningError: DB ACL on GPO directory
> /usr/local/samba/var/locks/sysvol/tsnr.mtt/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
> O:LAG:DAD:P
> does not match expected value
> O:DAG:DAD:P
>

I am not sure this is your problem. If you look very carefully, there is
only one letter different between what is found and what is expected.
This one letter means that Local Administrators (LA) owns the policy
instead of Domain Administrators (DA); who should have access to the
policy is correct.
Is there anything in the event log on a PC when it tries to use the policy?

Rowland
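
The comparison described in the reply above, as an added example that is not part of the original thread and is not Samba's own code: a pure-Python splitter that breaks the found and expected SDDL strings into owner, group, DACL and SACL parts and reports which part differs. The function names are hypothetical, and the ACEs in the second sample are constructed.

```python
import re

# A component tag (O: owner, G: group, D: DACL, S: SACL) is the letter right before a colon.
_TAG = re.compile(r"([OGDS]):")

def parse_sddl(sddl):
    """Split an SDDL string into its O/G/D/S components (None when absent)."""
    parts = {"O": None, "G": None, "D": None, "S": None}
    marks = list(_TAG.finditer(sddl))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(sddl)
        parts[m.group(1)] = sddl[m.end():end]
    return parts

def split_acl(acl):
    """Return (flags, [ace, ...]) for a DACL/SACL body such as 'P(A;...)(A;...)'."""
    if acl is None:
        return "", []
    return acl.split("(", 1)[0], re.findall(r"\(([^)]*)\)", acl)

def diff_sddl(found, expected):
    """List (field, found, expected) tuples for every part that differs."""
    f, e = parse_sddl(found), parse_sddl(expected)
    diffs = [(name, f[t], e[t]) for t, name in (("O", "owner"), ("G", "group")) if f[t] != e[t]]
    for t, name in (("D", "dacl"), ("S", "sacl")):
        (f_flags, f_aces), (e_flags, e_aces) = split_acl(f[t]), split_acl(e[t])
        if f_flags != e_flags:
            diffs.append((name + " flags", f_flags, e_flags))
        # ACEs are compared as sets, so a pure reordering is not reported.
        diffs += [(name + " ace", ace, None) for ace in sorted(set(f_aces) - set(e_aces))]
        diffs += [(name + " ace", None, ace) for ace in sorted(set(e_aces) - set(f_aces))]
    return diffs

# The two strings from the error message in this thread, as they appear there.
FOUND, EXPECTED = "O:LAG:DAD:P", "O:DAG:DAD:P"

# Constructed sample: same owner mismatch plus one ACE missing on disk.
FOUND_FULL = "O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001200a9;;;AU)"
EXPECTED_FULL = FOUND_FULL.replace("O:LA", "O:DA", 1) + "(A;OICI;0x001f01ff;;;SY)"

if __name__ == "__main__":
    for field, got, want in diff_sddl(FOUND, EXPECTED) + diff_sddl(FOUND_FULL, EXPECTED_FULL):
        print(f"{field}: found {got!r}, expected {want!r}")
```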
