[Samba] gpo not working with samba 4 migrated

Trenta sis trenta.sis at gmail.com
Thu Jul 21 21:18:35 UTC 2016 

I'm not sure what are you deatiling, is a bug in progress taht can cause
this random problems with some gpos or this error can be ignored?

2016-07-21 20:37 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:

> Hi,
>
> First of all thanks for you answer, it seems that this can help, now some
> change made to gpo are applied and we are not receiving error in event
> viewer, but seem that some change are not applied, why and where I can find
> some information, in samba log anv event viewer any error is reported
>
> Also I have tried
>
> # samba-tool ntacl sysvolreset
>
> After this tried
> # samba-tool ntacl sysvolcheck
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /usr/local/samba/var/locks/sysvol/domain.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} <http://domain.com/Policies/%7B31B2F340-016D-11D2-945F-00C04FB984F9%7D> O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 270, in run
>     lp)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1732, in checksysvolacl
>     direct_db_access)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1683, in check_gpos_acl
>     domainsid, direct_db_access)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1630, in check_dir_acl
>     raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
>
> Tried with new domain (no migrated) and then works, where is the problem?
>
>
>
> 2016-07-21 18:51 GMT+02:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>
>> Hello,
>>
>> Am 21.07.2016 um 17:18 schrieb Trenta sis:
>> > I have migrated samba 3 domain to samba, and I have found that when you
>> try
>> > to use gpo this are not applied we receive in windwos event log errors
>> with
>> > permissions in sysvol, I have checked paths to sysvol gpos and are
>> correct.
>> > Also I have tried with a new fresh domain (not migrated) and with this
>> new
>> > install works GPO
>> >
>> > How can I debug this problems and find a solution?
>>
>>
>> Have you tried
>>
>> https://wiki.samba.org/index.php/FAQ#Incompatible_permissions_of_GPO_objects_and_SysVol_share
>>
>>
>> Regards,
>> Marc
>>
>
>

More information about the samba mailing list