[Samba] Can't use samba-tool gpo restore command
Csorba Róbert
csorbarobert at darabanth.com
Wed Jul 8 15:02:21 UTC 2020
Hi,
Thank you Rowland! That did the trick.
Best,
Robert
2020. 07. 08. 15:54 keltezéssel, Rowland penny via samba írta:
> On 08/07/2020 14:26, Csorba Róbert via samba wrote:
>> Hi,
>>
>> After I successfully dumped the GPO policies on my working domain
>> controller I would like to reuse it on a different domain server, but
>> when I use the following command:
>>
>> samba-tool gpo restore B59E0B93-8226-40CA-A5C8-58A7AA1D139E
>> /var/tmp/samba_gpo/policy/\{B59E0B93-8226-40CA-A5C8-58A7AA1D139E\}
>>
>> I got this error message:
>>
>> Using temporary directory /tmp/tmpo7huf4c0 (use --tmpdir to change)
>> ERROR(ldb): uncaught exception - LDAP error 50
>> LDAP_INSUFFICIENT_ACCESS_RIGHTS - <acl: unable to get access to
>> CN={76FFB9E4-B557-433E-B105-7F5C36AE54C1},CN=Policies,CN=System,DC=teszt,DC=darabanth,DC=pro
>> > <>
>> File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py",
>> line 186, in _run
>> return self.run(*args, **kwargs)
>> File "/usr/lib64/python3.6/site-packages/samba/netcmd/gpo.py", line
>> 1417, in run
>> credopts, versionopts)
>> File "/usr/lib64/python3.6/site-packages/samba/netcmd/gpo.py", line
>> 1239, in run
>>
>> Do you have any idea what cause the problem or I use the command
>> incorrectly?
>
> I take it you are running the command as root or with sudo, if so, try
> adding '-U USERNAME' to the end of the command, where 'USERNAME' is a
> user with permission to change AD e.g. Administrator or a member of
> Domain Admins.
>
> Rowland
>
>
>
More information about the samba
mailing list