[Samba] sysvol permissions
mourik jan heupink
heupink at merit.unu.edu
Thu Sep 17 09:34:25 UTC 2015
Hi,
We're running samba 4.1.17-SerNet-Debian-10.wheezy, AD mode, and we seem
to have permission problems on our sysvol:
> root at DC2:/var/lib/samba# samba-tool ntacl sysvolcheck
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samba.domain.com/Policies/{A577A789-8C39-447A-8555-42B247B9943C} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
> lp)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1726, in checksysvolacl
> direct_db_access)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl
> domainsid, direct_db_access)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1624, in check_dir_acl
> raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
Running
> root at DC2:/var/lib/samba# samba-tool ntacl sysvolreset
finishes without any output, so I'm guessing that means: success.... but
afterwards sysvolcheck still reports the same error.
Is this some bug in 4.1.17..? We could of course try upgrading...?
MJ
More information about the samba
mailing list