[Samba] Permission denied on GPT.ini (Event ID 1058)
L.P.H. van Belle
belle at bazuin.nl
Mon Mar 21 14:53:36 UTC 2016
Hai,
Today i had a "about" same problem.
Check the following.
1) Get the Policy id ( like ": {78732DBF-5381-497B-9B25-00A278270A1F} from
PATH_TO_SYSVOL_FOLDER/Policies/
2) run getfacl on the folder like :
getfacl \{78751DBF-5381-497B-9B25-00A278270A1F\}/
here in my case i noticed the following.
I had a user set on one specific policie, i changed that users to a newly created group.
After looking with getfacl i noticed, that the user was still on GPT.INI
and not the group.
Reculting in the Permission denied on GPT.ini.
For now i fixed it by getting setting the inheritance of the folder to the files again.
Resume what i think and others must test also.
When creating the policy for the first time it sets the correct U+G rights.
After changing this, not.
Other quick fix is, add the computer($) to the group.
I hope people know what i mean, if not, ask me.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sébastien Le Ray
> Verzonden: maandag 21 maart 2016 10:45
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Permission denied on GPT.ini (Event ID 1058)
>
>
>
> Le 20/03/2016 17:03, Klaus Hartnegg a écrit :
> >> Am 19.03.2016 um 08:16 schrieb Sébastien Le Ray <sebastien-
> samba at orniz.org>:
> >>
> >> Yes but in that case I'm not using the machine account anymore but the
> currently logged in user account. That's why I guess it is related to some
> machine account configuration issue but I can find no way to test machine
> account access?
> > psexec -i -s cmd.exe
> > must be run as admin
> > will open a new window
> > try there:
> > echo %username%
> > looks like machine account
>
> Hi,
>
> This gives me the machine account name which I already know.
>
> BUT I used pushd \\path\to\sysvol in the spawned cmd.exe and I
> successfully mounted the supposedly unreadable share (tries all 5 DCs)
> and type'd the GPT.ini
>
> If someone has any further investigation track, I'll take it
>
> Regards
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list