[Samba] Can't create/update Group Policy in Samba 4.6.5
Rowland Penny
rpenny at samba.org
Sun Jul 2 15:26:51 UTC 2017
On Sun, 2 Jul 2017 11:30:32 -0300
Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:
> Hi,
>
> I'm using Samba 4.6.5 and I have installed as follows:
>
> wget -c https://download.samba.org/pub/samba/stable/samba-4.6.5.tar.gz
>
> tar -xzvf samba-4.6.5.tar.gz
>
> cd samba-4.6.5
>
> ./configure --enable-debug --enable-selftest
Why? You only need './configure', unless you are going to run the
tests.
>
> make
>
> make install
>
> It seems that it is working properly; however, I can't create or update
> a GPO with the Windows Group Policy Management tool.
>
> When I try, a "Denied Access" message appears.
>
> I'm using a user that is a member of "Domain Admins", "Domain
> Computers", "Domain Controllers", "Group Policy Creators Owners" and
> "Domain Users".
>
> When I run the "samba-tool ntacl sysvolreset" command, the
> following errors appear:
>
> root at dc1:/usr/local/samba/bin# ./samba-tool ntacl sysvolreset
Why are you running samba-tool like that? Haven't you set up your PATH
correctly? If you run (in a terminal):
echo $PATH
it should return your path and that should start like this:
/usr/local/samba/bin:/usr/local/samba/sbin:
If your PATH is set correctly, you should be able to run samba-tool
from anywhere, from /root for instance.
> I have verified that permissions on my files in
> "/usr/local/samba/var/locks/" are like this:
>
> ls -l /usr/local/samba/var/locks/
> total 1384
> -rw------- 1 root staff 421888 Mai 15 21:57 account_policy.tdb
> -rw------- 1 root staff 528384 Mai 15 21:57 registry.tdb
> -rw------- 1 root staff 421888 Mai 15 21:57 share_info.tdb
> drwxr-sr-x 3 root 30056 4096 Jul 1 19:40 sysvol
> -rw------- 1 root staff 32768 Jul 1 19:45 winbindd_cache.tdb
> drwxr-s--- 2 root staff 4096 Jul 1 19:45 winbindd_privileged
Who is '30056'?
Have you given 'Administrator' a uidNumber?
Have you given 'Domain Admins' the 'SeDiskOperatorPrivilege'?
> /usr/local/samba/etc/smb.conf
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
> acl_xattr:ignore system acls = yes
You should remove the above line; it isn't required.
Rowland
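
Added example, not part of the original message: a shell version of two checks raised in the reply above, namely whether PATH begins with the Samba directories and which entries in an `ls -l` listing show a bare numeric owner or group (an ID that has no name on this host, like '30056'). The function names are hypothetical and the sample listing is constructed from two lines quoted in the thread.

```shell
#!/bin/sh
# Flag entries in `ls -l` output whose owner or group is printed as a bare
# number, i.e. the ID did not resolve to a user or group name on this host.
# Reads `ls -l` output on stdin; prints "<name> owner=<id>" or "<name> group=<id>".
# Limitation: only the last word of a file name containing spaces is printed.
unresolved_ids() {
    awk '
        $1 == "total" || NF < 9 { next }    # skip the "total" header and short lines
        {
            if ($3 ~ /^[0-9]+$/) printf "%s owner=%s\n", $NF, $3
            if ($4 ~ /^[0-9]+$/) printf "%s group=%s\n", $NF, $4
        }'
}

# Constructed sample input: header plus two lines from the listing in the thread.
sample_listing() {
    cat <<'EOF'
total 1384
-rw------- 1 root staff 421888 Mai 15 21:57 account_policy.tdb
drwxr-sr-x 3 root 30056 4096 Jul 1 19:40 sysvol
EOF
}

# Succeeds if a PATH-style string starts with the two directories named in
# the reply: /usr/local/samba/bin:/usr/local/samba/sbin:
path_has_samba_first() {
    case "$1" in
        /usr/local/samba/bin:/usr/local/samba/sbin:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run both checks: the constructed listing, then the current shell's PATH.
sample_listing | unresolved_ids
if path_has_samba_first "$PATH"; then
    echo "PATH starts with the Samba directories"
else
    echo "PATH does not start with the Samba directories"
fi
```

On a live host, pipe `LC_ALL=C ls -l /usr/local/samba/var/locks/` into `unresolved_ids` and look up any reported ID with `getent group <id>` or `getent passwd <id>`.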