[Samba] sysvol acl's broken beyond repair
Krutskikh Ivan
stein.hak at gmail.com
Sat Oct 3 15:20:11 UTC 2015
Hm, can I fix it manually? Maybe sysvolcheck stumbles on the first error
and misses something more severe later on.
2015-10-03 12:09 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 03/10/15 00:50, Krutskikh Ivan wrote:
>
>> Hi everyone.
>>
>> I ran into notorios gpo error on windows clients. When I go to my dc
>> controller and run
>> samba-tool ntacl sysvolcheck
>>
>> I get an error:
>>
>> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
>> ProvisioningError: DB ACL on GPO directory
>>
>> /usr/local/samba/var/locks/sysvol/tsnr.mtt/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
>> O:LAG:DAD:P
>> does not match expected value
>> O:DAG:DAD:P
>>
>>
> I am not sure this is your problem, if you look very carefully, there is
> only one letter different between what is found and what is expected. This
> one letter means that Local Administrators (LA) owns the policy instead of
> Domain Administrators (DA), who should have access to the policy is correct.
> Is there anything in the event log on a PC when it tries to use the policy?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list