[Samba] Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies

Richard p1 at originsystems.co.za
Thu Jan 12 19:51:12 UTC 2017


Does this look better?

# getfacl /usr/local/samba/var/locks/sysvol/ct.mydomain.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol/ct.mydomain.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
# owner: 3000008
# group: 3000008
user::rwx
user:root:rwx
user:3000002:rwx
user:3000003:r-x
user:3000006:rwx
user:3000010:r-x
group::rwx
group:10013:rwx
group:10014:r-x
group:3000002:rwx
group:3000003:r-x
group:3000006:rwx
group:3000010:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000002:rwx
default:user:3000003:r-x
default:user:3000006:rwx
default:user:3000010:r-x
default:group::---
default:group:10013:rwx
default:group:10014:r-x
default:group:3000002:rwx
default:group:3000003:r-x
default:group:3000006:rwx
default:group:3000010:r-x
default:mask::rwx
default:other::---

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of lingpanda101 via samba
Sent: 12 January 2017 21:25
To: samba at lists.samba.org
Subject: Re: [Samba] Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies

On 1/12/2017 2:09 PM, Rowland Penny via samba wrote:
> On Thu, 12 Jan 2017 20:46:15 +0200
> Richard via samba <samba at lists.samba.org> wrote:
>
>> Hi James
>>
>> The output is as follows...
>>
>> wbinfo --gid-info=10013    =>  CT\domain admins:x:10013:
>>
>> wbinfo --uid-info=3000008 => CT\domain admins:*:3000008:3000008::/home/CT/domain admins:/bin/false
> If you remove the gidNumber from Domain Admins, you will find that it 
> gets the same GID as its UID '3000008'
>
>> Yes I have set "domain admins" to have NIS domain "CT" and GID 
>> "10013"  - I can remove this no problem
> See above and I would suggest removing the gidNumber, then run 'net 
> cache flush'
>
>> Yes I have set "domain users" to have NIS domain "CT" and GID "10014"  
>> - I can remove this no problem
> No that is OK
>
>> No I haven't set a UID or GID for Administrator
> Good, you just turn Administrator into a normal Unix user if you do.
>
>> I do indeed have 'idmap_ldb:use rfc2307 = Yes' - should I remove this 
>> from smb.conf?
> No, you need it
>
> Rowland
>

I'm hoping if you remove the domain admins GID and run sysvolreset, it will put the ownership back to

# file: usr/local/samba/var/locks/sysvol/mydomain.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/
# owner: 3000008
# group: 3000008

Yours currently is

# owner: root
# group: 10013

--
- James

