[Samba] Sysvol GPO ACLs problem (SOLVED)

Rowland penny rpenny at samba.org
Tue May 19 17:19:14 UTC 2020

On 19/05/2020 17:12, Pablo Sanz via samba wrote:
> Hi,
> We have solved the problem and the command 'samba-tool ntacl sysvolreset' is working correctly again. We have been able to reset the SYSVOL permissions and the AD GPOs are working again.
> The problem is that if we have the audit options active in the smb.conf, that command stops working. We don't know why. If we temporarily remove them if it works.
> I know that we have an old version of CentOS, with Python 2.6.6. As soon as we can we will migrate to CentOS 8 and Samba 4.12.
I am willing to bet you had something like 'vfs objects = audit' set in 
[global] or a share, on a DC this turns off acl_xattr, you need to set 
'vfs objects = dfs_samba4 acl_xattr audit'


More information about the samba mailing list