[Samba] gpo not working with samba 4 migrated

Trenta sis trenta.sis at gmail.com
Thu Jul 21 18:37:06 UTC 2016 

Hi,

First of all thanks for you answer, it seems that this can help, now some
change made to gpo are applied and we are not receiving error in event
viewer, but seem that some change are not applied, why and where I can find
some information, in samba log anv event viewer any error is reported

Also I have tried

# samba-tool ntacl sysvolreset

After this tried
# samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception
- ProvisioningError: DB ACL on GPO directory
/usr/local/samba/var/locks/sysvol/domain.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
does not match expected value
O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
from GPO object
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
line 270, in run
    lp)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1732, in checksysvolacl
    direct_db_access)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1683, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1630, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not
match expected value %s from GPO object' %
(acl_type(direct_db_access), path, fsacl_sddl, acl))

Tried with new domain (no migrated) and then works, where is the problem?



2016-07-21 18:51 GMT+02:00 Marc Muehlfeld <mmuehlfeld at samba.org>:

> Hello,
>
> Am 21.07.2016 um 17:18 schrieb Trenta sis:
> > I have migrated samba 3 domain to samba, and I have found that when you
> try
> > to use gpo this are not applied we receive in windwos event log errors
> with
> > permissions in sysvol, I have checked paths to sysvol gpos and are
> correct.
> > Also I have tried with a new fresh domain (not migrated) and with this
> new
> > install works GPO
> >
> > How can I debug this problems and find a solution?
>
>
> Have you tried
>
> https://wiki.samba.org/index.php/FAQ#Incompatible_permissions_of_GPO_objects_and_SysVol_share
>
>
> Regards,
> Marc
>

More information about the samba mailing list