[Samba] Administrator lost write privileges to sysvol (Can't add/edit anything using RSAT Tools)

L.P.H. van Belle belle at bazuin.nl
Thu Jan 23 15:06:04 UTC 2020


I haven't read the complete thread, but was "Create Group" set on the share?

What does getfacl say on the file/folder?

Deny is preferred over Allow.

Your setup on sysvol shows:
getfacl /usr/local/samba/var/locks/sysvol
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol
# owner: 3000000
# group: 3000000
user::rwx
user:root:rwx
user:3000000:rwx
user:3000001:r-x
user:3000002:rwx
user:3000003:r-x
group::rwx
group:3000000:rwx
group:3000001:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000001:r-x
default:user:3000002:rwx
default:user:3000003:r-x
default:group::r-x
default:group:3000000:rwx
default:group:3000001:r-x
default:group:3000002:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::rwx

Compared to mine:
# file: home/samba/sysvol
# owner: root
# group: root
# flags: -s-
user::rwx
user:root:rwx
user:BUILTIN\\administrators:rwx
user:BUILTIN\\server\040operators:r-x
user:NT\040AUTHORITY\\system:rwx
user:NT\040AUTHORITY\\authenticated\040users:r-x
group::rwx
group:BUILTIN\\administrators:rwx
group:BUILTIN\\server\040operators:r-x
group:NT\040AUTHORITY\\system:rwx
group:NT\040AUTHORITY\\authenticated\040users:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\\administrators:rwx
default:user:BUILTIN\\server\040operators:r-x
default:user:NT\040AUTHORITY\\system:rwx
default:user:NT\040AUTHORITY\\authenticated\040users:r-x
default:group::---
default:group:BUILTIN\\administrators:rwx
default:group:BUILTIN\\server\040operators:r-x
default:group:NT\040AUTHORITY\\system:rwx
default:group:NT\040AUTHORITY\\authenticated\040users:r-x
default:mask::rwx
default:other::---
default:other::---

You see the differences.

I think it's mostly share or ACL rights that need to be corrected.


Greetz, 

Louis

 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny via samba
> Sent: Wednesday 22 January 2020 19:55
> To: samba at lists.samba.org
> Subject: Re: [Samba] Administrator lost write privileges to sysvol (Can't add/edit anything using RSAT Tools)
> 
> On 22/01/2020 17:44, Darren Conte via samba wrote:
> > Thanks for the reply Rowland.
> >
> > I do realize now, the add/removal of a group member must be performed from
> > the 'members' attribute of the Group. I was unaware of this.
> >
> > Here are the command results.  This is a compiled samba so I edited your
> > command to point to the correct directory.
> >
> >> Is your old user in the output ?
> > No - the old user 'Rodolfo' is not listed here anymore.
> >
> > root at server:/# ldbsearch -H /usr/local/samba/private/sam.ldb -b $(echo
> > dc=$(hostname -d) | sed 's/\./,dc=/g') -s sub
> > '(&(objectClass=group)(cn=Domain Admins))' member
> > # record 1
> > dn: CN=Domain Admins,CN=Users,DC=radicallaw,DC=net
> > member: CN=Jeanne Mirer,CN=Users,DC=radicallaw,DC=net
> > member: CN=Administrator,CN=Users,DC=radicallaw,DC=net
> >
> I only half expected it would be ;-)
> 
> Try running 'samba-tool dbcheck' on the DC, does it show any errors ?
> 
> Rowland


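Added example, not part of the original message: a small Python comparison of the unnamed entries and header fields in two getfacl dumps, using listings abridged from the two shown above. Named entries are skipped because the thread does not show how the numeric xids map to the BUILTIN and NT AUTHORITY names; the function names are this example's own.

```python
# Sample dumps abridged (constructed) from the two getfacl listings in the message.
YOURS = """
# file: usr/local/samba/var/locks/sysvol
# owner: 3000000
# group: 3000000
user::rwx
user:root:rwx
group::rwx
other::r-x
default:group::r-x
default:other::rwx
"""

MINE = """
# file: home/samba/sysvol
# owner: root
# group: root
# flags: -s-
user::rwx
user:root:rwx
group::rwx
other::---
default:group::---
default:other::---
"""

def parse_getfacl(text):
    """Return header fields (keys prefixed '#') and unnamed ACL entries."""
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and ": " in line and not line.startswith("# file"):
            key, value = line[2:].split(": ", 1)
            acl["#" + key] = value
        elif line and not line.startswith("#"):
            tag, perms = line.rsplit(":", 1)
            if tag.endswith(":"):  # empty qualifier means an unnamed entry
                acl[tag] = perms
    return acl

def diff_acl(a, b):
    """List (key, a_value, b_value) for every key whose value differs."""
    return [(k, a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)]

def world_access(acl):
    """Entries that grant any permission to 'other'."""
    return {k: v for k, v in acl.items() if k.endswith("other:") and v != "---"}
```

Calling `diff_acl(parse_getfacl(YOURS), parse_getfacl(MINE))` lists the owner, setgid flag, `other` and `default:` differences between the two trees, and `world_access` shows which entries on each tree still grant access to `other`.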

