[Samba] Administrator lost write privileges to sysvol (Can't add/edit anything using RSAT Tools)
Rowland penny
rpenny at samba.org
Thu Jan 23 15:30:32 UTC 2020
On 23/01/2020 15:06, L.P.H. van Belle via samba wrote:
> I havent read the complete thread but was "Create Group" set on the share.
>
> What does. getfacl say on the file/folder
>
> Deny preffers over Allow.
>
> Your setup on sysvol shows :
> getfacl /usr/local/samba/var/locks/sysvol
> getfacl: Removing leading '/' from absolute path names
> # file: usr/local/samba/var/locks/sysvol
> # owner: 3000000
> # group: 3000000
> user::rwx
> user:root:rwx
> user:3000000:rwx
> user:3000001:r-x
> user:3000002:rwx
> user:3000003:r-x
> group::rwx
> group:3000000:rwx
> group:3000001:r-x
> group:3000002:rwx
> group:3000003:r-x
> mask::rwx
> other::r-x
> default:user::rwx
> default:user:root:rwx
> default:user:3000000:rwx
> default:user:3000001:r-x
> default:user:3000002:rwx
> default:user:3000003:r-x
> default:group::r-x
> default:group:3000000:rwx
> default:group:3000001:r-x
> default:group:3000002:rwx
> default:group:3000003:r-x
> default:mask::rwx
> default:other::rwx
>
> Compaired to mine.
> # file: home/samba/sysvol
> # owner: root
> # group: root
> # flags: -s-
> user::rwx
> user:root:rwx
> user:BUILTIN\\administrators:rwx
> user:BUILTIN\\server\040operators:r-x
> user:NT\040AUTHORITY\\system:rwx
> user:NT\040AUTHORITY\\authenticated\040users:r-x
> group::rwx
> group:BUILTIN\\administrators:rwx
> group:BUILTIN\\server\040operators:r-x
> group:NT\040AUTHORITY\\system:rwx
> group:NT\040AUTHORITY\\authenticated\040users:r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:BUILTIN\\administrators:rwx
> default:user:BUILTIN\\server\040operators:r-x
> default:user:NT\040AUTHORITY\\system:rwx
> default:user:NT\040AUTHORITY\\authenticated\040users:r-x
> default:group::---
> default:group:BUILTIN\\administrators:rwx
> default:group:BUILTIN\\server\040operators:r-x
> default:group:NT\040AUTHORITY\\system:rwx
> default:group:NT\040AUTHORITY\\authenticated\040users:r-x
> default:mask::rwx
> default:other::---
> default:other::---
>
> You see the differences..
>
> I think its mostly share of ACL rights the need be corrected.
>
>
Hi Louis, I don't think the problem has anything to do with sysvol
(though I am open to having my mind changed), the problem seem to have
something to do with Administrator no longer being able to write to AD
from ADUC.
Rowland
More information about the samba
mailing list