[Samba] Permission denied on GPT.ini (Event ID 1058)

L.P.H. van Belle belle at bazuin.nl
Mon Mar 21 14:53:36 UTC 2016 

Hai, 

Today i had a "about" same problem. 

Check the following. 

1) Get the Policy id  ( like ":  {78732DBF-5381-497B-9B25-00A278270A1F} from
 PATH_TO_SYSVOL_FOLDER/Policies/ 
2) run getfacl on the folder like : 
 getfacl \{78751DBF-5381-497B-9B25-00A278270A1F\}/ 

here  in my case i noticed the following. 
I had a user set on one specific policie, i changed that users to a newly created group. 

After looking with getfacl i noticed, that the user was still on GPT.INI 
and not the group. 
Reculting in the Permission denied on GPT.ini. 

For now i fixed it by getting setting the inheritance of the folder to the files again. 

Resume what i think and others must test also. 

When creating the policy for the first time it sets the correct U+G rights. 
After changing this, not. 

Other quick fix is, add the computer($) to the group. 

I hope people know what i mean, if not, ask me. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sébastien Le Ray
> Verzonden: maandag 21 maart 2016 10:45
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Permission denied on GPT.ini (Event ID 1058)
> 
> 
> 
> Le 20/03/2016 17:03, Klaus Hartnegg a écrit :
> >> Am 19.03.2016 um 08:16 schrieb Sébastien Le Ray <sebastien-
> samba at orniz.org>:
> >>
> >> Yes but in that case I'm not using the machine account anymore but the
> currently logged in user account. That's why I guess it is related to some
> machine account configuration issue but I can find no way to test machine
> account access?
> > psexec -i -s cmd.exe
> > must be run as admin
> > will open a new window
> > try there:
> > echo %username%
> > looks like machine account
> 
> Hi,
> 
> This gives me the machine account name which I already know.
> 
> BUT I used pushd \\path\to\sysvol in the spawned cmd.exe and I
> successfully mounted the supposedly unreadable share (tries all 5 DCs)
> and type'd the GPT.ini
> 
> If someone has any further investigation track, I'll take it
> 
> Regards
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list