[Samba] Cannot add a new GPO opject at GPMC on win7
Yaroslav Yurta
yaroslav.tarasovuch at gmail.com
Thu Jan 14 09:35:59 UTC 2016
Hi, guys!
Have some trouble with adding a new GPO.
If i add a new GPO it says me "The parametr is incorrect"
I use RSAT on win7.
I have an AD DC based on samba 4.1.14 on FreeBSD 10.1
Evrything else working fine/
Here is my smb.conf
# Global parameters
[global]
workgroup = DEVCOM
realm = DEV.COM.UA
netbios name = WIZARD
server role = active directory domain controller
#server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind,
ntp_signd, kcc, dnsupdate, dns, smb
#dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey,
dnsserver, winreg, srvsvc
idmap_ldb:use rfc2307 = yes
interfaces = 192.168.9.1 192.168.110.1
dns forwarder = 127.0.0.1
time server = yes
logon drive = P:
domain logons = yes
logon home = \\wizard\netlogon\
logon script = set_ntp.bat
[netlogon]
available = Yes
path = /var/db/samba4/sysvol/dev.com.ua/scripts
# read only = No
comment = The domain logon service
public = no
writeable = no
browsable = yes
locking = No
[sysvol]
path = /var/db/samba4/sysvol
read only = No
When i try to run smb-tool ntacl sysvolcheck it says me:
/usr/local/bin/samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: DB ACL on GPO directory /var/db/samba4/sysvol/
dev.com.ua/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
does not match expected value
O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
from GPO object
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line
249, in run
lp)
File
"/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line
1726, in checksysvolacl
direct_db_access)
File
"/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line
1677, in check_gpos_acl
domainsid, direct_db_access)
File
"/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line
1624, in check_dir_acl
raise ProvisioningError('%s ACL on GPO directory %s %s does not match
expected value %s from GPO object' % (acl_type(direct_db_access), path,
fsacl_sddl, acl))
--------------------
/usr/local/bin/samba-tool gpo listall
GPO : {31B2F340-016D-11D2-945F-00C04FB984F9}
display name : Default Domain Policy
path : \\dev.com.ua\sysvol\dev.com.ua
\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
dn :
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=dev,DC=com,DC=ua
version : 2
flags : NONE
GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path : \\dev.com.ua\sysvol\dev.com.ua
\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
dn :
CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=dev,DC=com,DC=ua
version : 0
flags : NONE
-------------------------
/usr/local/bin/samba-tool gpo aclcheck
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/gpo.py", line
1150, in run
ds_sd_ndr = m['nTSecurityDescriptor'][0]
I can not understand where is an error.
--
*----------З повагою!Юрта Ярослав Тарасович.*
More information about the samba
mailing list