[Samba] Administrator lost write privileges to sysvol (Can't add/edit anything using RSAT Tools)

Darren Conte darren.conte at volereservices.com
Wed Jan 22 17:44:20 UTC 2020


---------- Forwarded message ----------
>From: Rowland penny <rpenny at samba.org>
>To: samba at lists.samba.org
>
>Not sure why you think sysvol has anything to do with this, it is only
>used to store GPOs and netlogon scripts.
>
>You removed the user from Domain Admins from the wrong end, the user has
>a 'memberOf' attribute and the group uses a 'member' attribute, the
>'memberOf' & 'member' attributes are linked. To add a user to a group,
>you add a 'member' attribute containing a user's DN and the user
>automatically gets a 'member' attribute containing the DN of the group.
>To delete a user from a group, you do this in reverse, you remove the
>'member' attribute from the group and the 'memberOf' attribute in the
>user object disappears.
>
>Try running this on the DC:
>
>ldbsearch -H /var/lib/samba/private/sam.ldb -b $(echo dc=$(hostname -d) | sed 's/\./,dc=/g') -s sub '(&(objectClass=group)(cn=Domain Admins))' member
>
>Is your old user in the output ?
>
>Rowland

Thanks for the reply Rowland.

I do realize now, the add/removal of a group member must be performed from
the 'members' attribute of the Group. I was unaware of this.

Here are the command results. This is a compiled Samba, so I edited your
command to point to the correct directory.

>Is your old user in the output ?
No - the old user 'Rodolfo' is not listed here anymore.

root at server:/# ldbsearch -H /usr/local/samba/private/sam.ldb -b $(echo dc=$(hostname -d) | sed 's/\./,dc=/g') -s sub '(&(objectClass=group)(cn=Domain Admins))' member
# record 1
dn: CN=Domain Admins,CN=Users,DC=radicallaw,DC=net
member: CN=Jeanne Mirer,CN=Users,DC=radicallaw,DC=net
member: CN=Administrator,CN=Users,DC=radicallaw,DC=net

# Referral
ref: ldap://radicallaw.net/CN=Configuration,DC=radicallaw,DC=net

# Referral
ref: ldap://radicallaw.net/DC=DomainDnsZones,DC=radicallaw,DC=net

# Referral
ref: ldap://radicallaw.net/DC=ForestDnsZones,DC=radicallaw,DC=net

# returned 4 records
# 1 entries
# 3 referrals

Darren
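
An added example, not part of the original thread: a small Python audit that reads `ldbsearch` output for the Domain Admins group, as in the command above, and compares the `member` values with an expected list. The sample LDIF, the DNs in it, and the names `parse_members`, `audit` and `EXPECTED` are constructed for illustration; it assumes standard LDIF conventions (long lines folded with a leading space, non-ASCII values base64-encoded after `member::`).

```python
import base64

# Constructed DN with non-ASCII characters; LDIF carries such values as base64.
ENCODED = base64.b64encode(
    "CN=J\u00fcrgen M\u00fcller,CN=Users,DC=example,DC=test".encode("utf-8")).decode()

# Constructed sample in the shape ldbsearch prints (not output from the thread).
SAMPLE = f"""\
# record 1
dn: CN=Domain Admins,CN=Users,DC=example,DC=test
member: CN=Administrator,CN=Users,DC=example,DC=test
member: CN=A Very Long Display Name For Folding,OU=Staff,OU=Headquarters,DC=exa
 mple,DC=test
member:: {ENCODED}

# Referral
ref: ldap://example.test/CN=Configuration,DC=example,DC=test

# returned 2 records
"""

# Hypothetical allowlist of accounts that should hold Domain Admins.
EXPECTED = {"cn=administrator,cn=users,dc=example,dc=test",
            "CN=A Very Long Display Name For Folding,OU=Staff,OU=Headquarters,DC=example,DC=test",
            "CN=Backup Admin,CN=Users,DC=example,DC=test"}

def parse_members(ldif_text):
    """Return the set of member DNs found in ldbsearch LDIF output."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold an LDIF continuation line
        else:
            lines.append(raw)
    members = set()
    for line in lines:                     # comments and 'ref:' lines fall through
        if line.startswith("member:: "):
            members.add(base64.b64decode(line[9:]).decode("utf-8"))
        elif line.startswith("member: "):
            members.add(line[8:])
    return members

def audit(ldif_text, expected):
    """Return (unexpected, missing) DNs; DN comparison is case-insensitive."""
    found = {m.casefold(): m for m in parse_members(ldif_text)}
    want = {e.casefold(): e for e in expected}
    unexpected = sorted(found[k] for k in found.keys() - want.keys())
    missing = sorted(want[k] for k in want.keys() - found.keys())
    return unexpected, missing

if __name__ == "__main__":
    print(audit(SAMPLE, EXPECTED))
```

On a DC, the saved output of the `ldbsearch` command from the thread can be passed to `audit()` in place of `SAMPLE`.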
