[Samba] sysvol permissions

L.P.H. van Belle belle at bazuin.nl
Thu Sep 17 09:47:43 UTC 2015


If the folders are emty, just delete them. 
I do check that also so now and then, i noticed the same, 
and i deleted them also. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens mourik jan
> heupink
> Verzonden: donderdag 17 september 2015 11:42
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] sysvol permissions
> 
> A bit more info:
> 
> the 'problem' policy in question:
> > /var/lib/samba/sysvol/samba.domain.com/Policies/{A577A789-8C39-447A-
> 8555-42B247B9943C}
> 
> is basically just empty directories, and one file GPT.INI containing
> just this:
> 
> > [General]
> > Version=0
> > displayName=New Group Policy Object
> 
> Would it be safe to simply delete the whole
> {A577A789-8C39-447A-8555-42B247B9943C} directory..? (or would that mess
> up things..?)
> 
> MJ
> 
> On 09/17/2015 11:34 AM, mourik jan heupink wrote:
> > Hi,
> >
> > We're running samba 4.1.17-SerNet-Debian-10.wheezy, AD mode, and we seem
> > to have permission problems on our sysvol:
> >
> >> root at DC2:/var/lib/samba# samba-tool ntacl sysvolcheck
> >> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception
> >> - ProvisioningError: DB ACL on GPO directory
> >> /var/lib/samba/sysvol/samba.domain.com/Policies/{A577A789-8C39-447A-
> 8555-42B247B9943C}
> >>
> O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001
> f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x00120
> 0a9;;;AU)(A;OICI;0x001200a9;;;ED)
> >> does not match expected value
> >>
> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001
> f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x00120
> 0a9;;;AU)(A;OICI;0x001200a9;;;ED)
> >> from GPO object
> >>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> >> line 175, in _run
> >>     return self.run(*args, **kwargs)
> >>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line
> >> 249, in run
> >>     lp)
> >>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
> >> line 1726, in checksysvolacl
> >>     direct_db_access)
> >>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
> >> line 1677, in check_gpos_acl
> >>     domainsid, direct_db_access)
> >>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
> >> line 1624, in check_dir_acl
> >>     raise ProvisioningError('%s ACL on GPO directory %s %s does not
> >> match expected value %s from GPO object' %
> >> (acl_type(direct_db_access), path, fsacl_sddl, acl))
> >
> > Running
> >  > root at DC2:/var/lib/samba# samba-tool ntacl sysvolreset
> > finishes without any output, so I'm guessing that means: success.... but
> > afterwards sysvolcheck still reports the same error.
> >
> > Is this some bug in 4.1.17..? We could of course try upgrading...?
> >
> > MJ
> >
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba





More information about the samba mailing list