[Samba] Problems joining station in domain

[Marcio Demetrio Bacci]

Hi,

Result of getfacl in Samba-DC1:

getfacl /var/lib/samba/sysvol/empresa.com.br/Policies/
getfacl: Removing leading '/' from absolute path names
# file: var/lib/samba/sysvol/empresa.com.br/Policies/
# owner: 3000000
# group: 3000015
user::rwx
user:3000009:rwx
user:3000013:r-x
user:3000015:rwx
user:3000016:r-x
group::rwx
group:3000000:rwx
group:3000009:rwx
group:3000013:r-x
group:3000015:rwx
group:3000016:r-x
mask::rwx
other::---
default:user::rwx
default:user:3000000:rwx
default:user:3000009:rwx
default:user:3000013:r-x
default:user:3000015:rwx
default:user:3000016:r-x
default:group::---
default:group:3000000:rwx
default:group:3000009:rwx
default:group:3000013:r-x
default:group:3000015:rwx
default:group:3000016:r-x
default:mask::rwx
default:other::---

>Is there a firewall running on the DC ?
No

Or is Apparmor running ?
No

Regards,

Márcio Bacci

Em seg, 26 de ago de 2019 às 17:06, Rowland penny via samba <
samba at lists.samba.org> escreveu:

> On 26/08/2019 20:43, Marcio Demetrio Bacci wrote:
> > Hi,
> >
> > Another strange situation occurs when I use the RSAT GPO tool in
> > Windows 7. The following message appears:
> > "RPC Server not available"
> >
> > Another situation is that I have created a GPO to allow helpdesk group
> > only to add stations in the domain, but this GPO does not work.
> >
> > The permissions of the Sysvol folder look like this:
> >
> > ls -lah /var/lib/samba/sysvol/empresa.com.br/Policies/
> > <http://empresa.com.br/Policies/>
> > total 96K
> > drwxrwx---+ 12 3000000 3000015 4,0K ago 26 14:50 .
> > drwxrwxr-x+  6 root    3000015 4,0K jul 29 12:13 ..
> > drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36
> > {23A926E4-7EF5-41A7-AEAB-7A8D950B95AA}
> > drwxrwx---+  4 3000000 3000015 4,0K jul 29 11:36
> > {31B2F340-016D-11D2-945F-00C04FB984F9}
> > drwxrwx---+  5 3000000 3000015 4,0K jul 29 11:36
> > {6AC1786C-016F-11D2-945F-00C04fB984F9}
> > drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36
> > {AA1EDEBC-99BA-4E86-9941-D067EC079D9C}
> > drwxrwx---+  4 3000008 3000008 4,0K ago 21 15:55
> > {AFC65B84-867D-459D-9C0C-CBB3D511F086}
> > drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36
> > {B495E0CC-C411-4970-B2F0-B761933BEE71}
> > drwxrwx---+  5 3000008 3000008 4,0K ago 21 15:24
> > {D1310DE4-5ECF-4367-9E90-A9CB1E2D18DA}
> > drwxrwx---+  4 3000008 3000008 4,0K ago 26 14:50
> > {DA0EA122-2666-49A8-BD50-2A8E42AB15DC}
> > drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36
> > {E78B5E20-C964-4548-9086-33398DDC2C9A}
> > drwxrwx---+  4 3000000 3000008 4,0K jul 29 11:36
> > {E977DEE8-F765-4513-BCA3-0B221DD3BB5F}
> >
> No, they are the Unix permissions, you either need to use 'getfacl' to
> see the extended ACLs or better still, check them from Windows.
>
> Is there a firewall running on the DC ?
>
> Or is Apparmor running ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>