[Samba] Samba Sysvol and GPO Issues

Franco Suarez frann.suarez at gmail.com
Tue Oct 13 18:57:36 UTC 2020 

Hi Rowland.

I'm using CentOS 8.2.2004

The Samba is compiled from sources, it's the only DC and I'm not using it
as a fileserver.

# Global parameters
[global]
        dns forwarder = 10.30.251.70
        netbios name = SAMBA4-01
        realm = LARRY.LAN
        server role = active directory domain controller
        workgroup = LARRY
        idmap_ldb:use rfc2307 = yes

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/larry.lan/scripts
        read only = No

Thanks!


El mar., 13 oct. 2020 a las 15:48, Rowland penny via samba (<
samba at lists.samba.org>) escribió:

> On 13/10/2020 19:24, Franco Suarez via samba wrote:
> > Hi Samba Team!
> >
> > It's me again I'm having some issues with gpo's and sysvol access.
> Strange as it might seem, I do not remember you :-)
> >
> > I've installed samba 4.12.7. using idmap_ldb:use rfc2307
> Yes, but what on and how ?
> >
> > When I tried to create a gpo using the rsat tools I got a Permission
> Denied
> > error.
> >
> > Among other things, I have run:
> > samba-tool ntacl sysvolreset
> >
> > Also I added to smb.conf
> > acl_xattr:ignore system acls = yes
> > in sysvol and netlogon sections.
> > I tried to add 777 permissions to sysvol directory  and used the github
> > script "samba-check-set-sysvol.sh"
> >
> > but the problem persists.
> >
> > I got this error
> > ==> log.smbd <==
> > [2020/10/13 14:56:20.544071,  0]
> > ../../source3/smbd/service.c:183(chdir_current_service)
> >    chdir_current_service: vfs_ChDir(/var/samba/locks/locks/sysvol)
> failed:
> > Permission denied. Current token: uid=3000020, gid=3000004, 12 groups:
> > 3000020 3000004 3000005 3000021 3000008 100 3000014 3000015 3000003
> 3000000
> > 3000009 3000016
>
> It doesn't look like you have modified anything in AD, but that is just
> about all I can tell about you domain from what you have posted.
>
> What OS ?
>
> Are you using the OS Samba packages, third party packages or have you
> compiled Samba yourself ?
>
> Is this the only DC and are you using it as a fileserver ? (not
> recommended)
>
> Please post your smb.conf
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list