[Samba] Problem with creating a new GPO

Rowland Penny rpenny at samba.org
Thu Nov 3 15:05:30 UTC 2016 

On Thu, 03 Nov 2016 15:10:11 +0100
Janning Schmidt <janning.schmidt at xinux.de> wrote:

> Hi.
> 
> It´s a virtual machine on an esxi-server, if that was what you meant.
> 
> The Version is "Version 4.1.6-Ubuntu"
> 
> There where no modifications done before this error showed up the
> first time.
> 
> And the smb.conf-file is:
> 
> root at serverx:~# cat /etc/samba/smb.conf
> # Global parameters
> [global]
>      workgroup = JOLA-INTRA
>      realm = jola-intra.lan
>      netbios name = SERVERX
>      server role = active directory domain controller
>      server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate
>      idmap_ldb:use rfc2307 = yes
>      #log level = 5
> 
>       allow dns updates = nonsecure
>          server services = -dns
>      vfs objects = recycle
>      recycle:repository = /mount/recyclebin
>          recycle:directory_mode = 1770
>      recycle:exclude = recyclebin
> [netlogon]
>      path = /var/lib/samba/sysvol/jola-intra.lan/scripts
>      read only = No
> 
> [sysvol]
>      path = /var/lib/samba/sysvol
>      read only = No
> 
> 
> [profiles]
>          path = /mount/daten/samba/profiles
>          browseable = No
>          writeable = yes
>          create mask = 0600
>          directory mask = 0700
> [home]
>           path = /mount/daten/home/
>           read only = No
> 
> Am 03.11.2016 um 14:39 schrieb Rowland Penny via samba:
> > On Thu, 03 Nov 2016 14:23:07 +0100
> > Janning Schmidt via samba <samba at lists.samba.org> wrote:
> >
> >> Hello.
> >>
> >> I have a Problem with creating a GPO on Samba. Each time I try to
> >> create a new one, it shows "The security id may not be assigned as
> >> the owner of this object". I've already checked the sysvol-folder
> >> and it seems to have the correct permissions. I also checked the
> >> Account-Permissions (I'm the build-in Administrator, when trying
> >> this) and I also checked the connection to the dc. I even tried
> >> using different Versions of Windows (7, 8.1) all with the same
> >> error. Could you please tell me what to do and how to fix this?
> >> The internet doesn't show anything helpful. If you need further
> >> data, write me back, and I'll provide it.
> >>
> >> greetings
> >>
> > How did you provision the Samba DC ?
> > What version of Samba ?
> > Have you modified anything ?
> > Can you post your smb.conf
> >
> > Rowland
> >
> 

first obvious mistake ;-)
The two 'server services' lines mean the same thing, so you might as
well remove the second one.

Is avahi running on the DC, if so, I would suggest stopping it.

You really should use windows ACLs on the DC, see here for how to set
up the profiles dir:

https://wiki.samba.org/index.php/Implementing_roaming_profiles

But your main problem is probably that Ubuntu doesn't have a root user
and Administrator is mapped to ID '0' in idmap.ldb, so you might have
to give 'root' a password.

Rowland

More information about the samba mailing list