[Samba] Can't use samba-tool gpo restore command
Rowland penny
rpenny at samba.org
Wed Jul 8 13:54:33 UTC 2020
On 08/07/2020 14:26, Csorba Róbert via samba wrote:
> Hi,
>
> After I successfully dumped the GPO policies on my working domain
> controller I would like to reuse it on a different domain server, but
> when I use the following command:
>
> samba-tool gpo restore B59E0B93-8226-40CA-A5C8-58A7AA1D139E
> /var/tmp/samba_gpo/policy/\{B59E0B93-8226-40CA-A5C8-58A7AA1D139E\}
>
> I got this error message:
>
> Using temporary directory /tmp/tmpo7huf4c0 (use --tmpdir to change)
> ERROR(ldb): uncaught exception - LDAP error 50
> LDAP_INSUFFICIENT_ACCESS_RIGHTS - <acl: unable to get access to
> CN={76FFB9E4-B557-433E-B105-7F5C36AE54C1},CN=Policies,CN=System,DC=teszt,DC=darabanth,DC=pro
> > <>
> File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py",
> line 186, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib64/python3.6/site-packages/samba/netcmd/gpo.py", line
> 1417, in run
> credopts, versionopts)
> File "/usr/lib64/python3.6/site-packages/samba/netcmd/gpo.py", line
> 1239, in run
>
> Do you have any idea what cause the problem or I use the command
> incorrectly?
I take it you are running the command as root or with sudo, if so, try
adding '-U USERNAME' to the end of the command, where 'USERNAME' is a
user with permission to change AD e.g. Administrator or a member of
Domain Admins.
Rowland
More information about the samba
mailing list