[Samba] sysvol permissions

mourik jan heupink heupink at merit.unu.edu
Thu Sep 17 10:01:19 UTC 2015


Hi Louis,

Alas...
 > samba-tool ntacl sysvolcheck -U Administrator
same result :-(

and also
 > acl_xattr:ignore system acls = yes
in smb.conf for both sysvol and netlogon makes no difference...

Then I deleted the empty folder...and to my horror, we now get:

> ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such file or directory')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
>     lp)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1726, in checksysvolacl
>     direct_db_access)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl
>     domainsid, direct_db_access)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1621, in check_dir_acl
>     fsacl = getntacl(lp, path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
>   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 73, in getntacl
>     xattr.XATTR_NTACL_NAME)

No such file or directory!!

Then I quickly moved back the deleted folder, and we're STILL getting the 
above error...!!

What now..? Suggestions?


On 09/17/2015 11:46 AM, L.P.H. van Belle wrote:
> Hai Mourik Jan,
>
>
> Try with :
> samba-tool ntacl sysvolcheck -U Administrator
> samba-tool gpo aclcheck -U Administrator
>
> Set : acl_xattr:ignore system acls = yes
> On sysvol and netlogon share since only windows computers use these.
> It gives better NT ACL compatibility.
>
> and if your Group Policies work, ignore these errors.
>
>
> Greetz,
>
> Louis
>
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan heupink
>> Sent: Thursday 17 September 2015 11:34
>> To: samba at lists.samba.org
>> Subject: [Samba] sysvol permissions
>>
>> Hi,
>>
>> We're running samba 4.1.17-SerNet-Debian-10.wheezy, AD mode, and we seem
>> to have permission problems on our sysvol:
>>
>>> root@DC2:/var/lib/samba# samba-tool ntacl sysvolcheck
>>> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samba.domain.com/Policies/{A577A789-8C39-447A-8555-42B247B9943C} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
>>>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>>>      return self.run(*args, **kwargs)
>>>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
>>>      lp)
>>>    File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1726, in checksysvolacl
>>>      direct_db_access)
>>>    File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl
>>>      domainsid, direct_db_access)
>>>    File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1624, in check_dir_acl
>>>      raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
>>
>> Running
>>   > root@DC2:/var/lib/samba# samba-tool ntacl sysvolreset
>> finishes without any output, so I'm guessing that means: success.... but
>> afterwards sysvolcheck still reports the same error.
>>
>> Is this some bug in 4.1.17..? We could of course try upgrading...?
>>
>> MJ
>>
>
>
>
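
Added example (not part of the original thread, and not Samba's code): the two SDDL strings in the quoted sysvolcheck error are long enough that the difference is hard to spot by eye. This Python sketch splits each into owner, group, DACL flags and ACEs and reports what differs; the strings are copied from the error with the e-mail line wraps joined, and the function names and alias table are assumptions of this example.

```python
import re

# Both strings copied from the sysvolcheck error quoted in the thread,
# with the e-mail line wraps joined.
ON_DISK = ("O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)"
           "(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)"
           "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
           "(A;OICI;0x001200a9;;;ED)")
EXPECTED = ("O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)"
            "(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)"
            "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
            "(A;OICI;0x001200a9;;;ED)")

# Standard SDDL two-letter SID aliases that occur in these strings.
SID_ALIASES = {
    "LA": "built-in Administrator account", "DA": "Domain Admins",
    "EA": "Enterprise Admins", "CO": "Creator Owner", "SY": "Local System",
    "AU": "Authenticated Users", "ED": "Enterprise Domain Controllers",
}

# Handles the O:/G:/D: layout seen in the error; a SACL (S:) part is rejected.
SDDL_RE = re.compile(r"^O:(?P<owner>.+?)G:(?P<group>.+?)"
                     r"D:(?P<dacl_flags>[A-Z]*)(?P<aces>(?:\([^()]*\))*)$")

def parse_sddl(sddl):
    m = SDDL_RE.match(sddl)
    if m is None:
        raise ValueError("unsupported SDDL layout: %r" % sddl)
    parsed = m.groupdict()
    # Each ACE is type;flags;rights;object_guid;inherit_object_guid;trustee
    parsed["aces"] = re.findall(r"\(([^()]*)\)", parsed["aces"])
    return parsed

def diff_sddl(actual, expected):
    """Return {field: (actual, expected)} for every part that differs."""
    a, e = parse_sddl(actual), parse_sddl(expected)
    diffs = {k: (a[k], e[k]) for k in ("owner", "group", "dacl_flags")
             if a[k] != e[k]}
    if a["aces"] != e["aces"]:  # ACE order is significant, so compare lists
        diffs["aces"] = ([x for x in a["aces"] if x not in e["aces"]],
                         [x for x in e["aces"] if x not in a["aces"]])
    return diffs

def describe(value):
    """Append the alias meaning when the value is a known two-letter SID."""
    known = isinstance(value, str) and value in SID_ALIASES
    return "%s (%s)" % (value, SID_ALIASES[value]) if known else str(value)

if __name__ == "__main__":
    for field, (got, want) in diff_sddl(ON_DISK, EXPECTED).items():
        print("%s: on disk %s, expected %s" % (field, describe(got), describe(want)))
```

For the two strings in the error, the only field reported is the owner: LA on disk versus DA expected.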


