[Samba] sysvolcheck and sysvolreset errors
spindles7 at gmail.com
Wed May 20 13:47:21 UTC 2020
> Yes, There are three places where permissions are stored on sysvol (4 if you count in AD), the standard Linux permissions 'ugo',
> ACLs as shown by getfacl and an EA (this is where the ACLs are stored when set from Windows).
> Try running 'samba-tool ntacl get /var/lib/samba/sysvol --as-sddl', this should produce something similar to this:
> Try checking using that, but you will have to do it file file etc.
> I personally would set the permissions from Windows and ignore sysvolcheck/reset. Also ensure that Domain Admins does not have a
> gidNumber if you are using the RFC2307 attributes.
Yes, I get the similar output but it's not what sysvolcheck is expecting. Well I suppose sysvolcheck isn't happy with the
permissions, but as GPOs are able to be edited, changed and are applied to both computers and users then I assume this can be
ignored. I got the acl settings from Louis' script, but does the WiKi stipulate what they should be? If so setting them to what
sysvolcheck expects - will that make this error go away? Is it a bug in sysvolcheck?
More information about the samba