[Samba] Problem sysvolreset
Rowland Penny
rpenny at samba.org
Tue Mar 7 15:51:35 UTC 2017
On Tue, 7 Mar 2017 12:23:59 -0300
Edson Tadeu Almeida da Silveira via samba <samba at lists.samba.org> wrote:
>
>
>
> # samba-tool gpo aclcheck -U Administrator
>
> Password for [DOMAIN\Administrator]:
> ERROR: Invalid GPO ACL
> O:LAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
> on path
> (cbmerj.local\Policies\{F274A070-5B45-4434-BB7C-75AE1D702A6B}),
> should be
> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
>
>
> This last error is happening to all my policies. After each policy I
> repair, another one shows up with a problem and I can't delete all
> policies and recreate to test.
>
> Thanks for your help!
>
>
Welcome to the wonderful world of SYSVOL on a Samba4 AD DC ;-)
Have you set a gidNumber for Domain Admins?
If so, remove it: Domain Admins needs to own files and dirs in sysvol,
and if the group has a gidNumber it cannot.
Note:
'O:LA' = owner: Local Administrator
'O:DA' = owner: Domain Admins
'G:DA' = group: Domain Admins
Rowland
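
The two SDDL strings in the quoted aclcheck error can be compared field by field, as in this added example, which is not part of the original message and is not Samba's own code. The names `parse_sddl` and `diff_sddl` are hypothetical, and the parser assumes the owner/group/DACL layout seen in that output, with no SACL.

```python
import re

# SDDL strings copied from the aclcheck output quoted above.
ACES = ("(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)"
        "(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)"
        "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
        "(A;OICI;0x001200a9;;;ED)")
ACTUAL = "O:LAG:DAD:PAI" + ACES
EXPECTED = "O:DAG:DAD:P" + ACES

# O:<owner>G:<group>D:<flags>(ace)(ace)...  Owner and group may be a
# two-letter alias (LA, DA) or a full SID string.
SDDL_RE = re.compile(
    r"O:(?P<owner>.+?)G:(?P<group>.+?)D:(?P<flags>[A-Z]*)"
    r"(?P<aces>(?:\([^()]*\))*)")


def parse_sddl(sddl):
    """Split an SDDL string into owner, group, DACL flags and ACEs."""
    m = SDDL_RE.fullmatch(sddl.strip())
    if m is None:
        raise ValueError("unsupported SDDL: %r" % sddl)
    # Each ACE is type;flags;rights;object_guid;inherit_guid;trustee.
    aces = tuple(tuple(a.split(";"))
                 for a in re.findall(r"\(([^()]*)\)", m["aces"]))
    if any(len(a) != 6 for a in aces):
        raise ValueError("ACE does not have six fields")
    # DACL control flags: P (protected), AR (auto-inherit requested),
    # AI (auto-inherited).
    return {"owner": m["owner"], "group": m["group"],
            "dacl_flags": tuple(re.findall(r"AR|AI|P", m["flags"])),
            "aces": aces}


def diff_sddl(actual, expected):
    """Return {field: (actual, expected)} for every field that differs."""
    a, e = parse_sddl(actual), parse_sddl(expected)
    return {k: (a[k], e[k]) for k in a if a[k] != e[k]}


if __name__ == "__main__":
    for field, (got, want) in diff_sddl(ACTUAL, EXPECTED).items():
        print("%-10s actual=%s expected=%s" % (field, got, want))
```

For the strings above this reports two differences: the owner (LA instead of DA) and the DACL flags (PAI instead of P). The group and all seven ACEs are identical.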