[Samba] GPO fail and sysvol perm errors

Sonic sonicsmith at gmail.com
Sun Oct 25 19:44:18 UTC 2020


On Sun, Oct 25, 2020 at 3:31 PM Rowland Penny via samba
<samba at lists.samba.org> wrote:
> OK, if you look at the end of the permissions, there is a '+' sign; this
> shows that extended ACLs are set. To see these:
>
> getfacl /usr/local/samba/var/locks/sysvol

The difference in ACLs is that the non-working domain includes:
user:3000001:r-x
user:3000002:rwx
user:3000003:r-x
and
default:user:3000001:r-x
default:user:3000002:rwx
default:user:3000003:r-x

Otherwise they are identical.

> You can also see the extended ACLs with:
> samba-tool ntacl get /usr/local/samba/var/locks/sysvol --as-sddl
Working domain:
O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)

Non-working domain:
O:LAG:DAD:(A;OICI;0x001f01ff;;;LA)(A;OICI;0x001200a9;;;SA)(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;S-1-5-21-546846319-217595157-9522986-572)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001200a9;;;SA)(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;S-1-5-21-546846319-217595157-9522986-572)(A;OICI;;;;WD)(A;;0x001f01ff;;;DA)(A;;0x001f01ff;;;LA)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;;;;CG)

I tried adding the sgid bit and restarting samba but there was no
change in the results.
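
An added example (not part of the original message and not Samba code): a small Python parser that splits the two SDDL strings from the samba-tool output above into ACEs and reports the header differences, duplicated ACEs, and trustees present on only one side. It handles only simple six-field ACEs in an O:/G:/D: string, which is all these two strings contain; the function names are hypothetical.

```python
import re
from collections import Counter

# SDDL strings copied from the samba-tool output quoted in the message above.
WORKING = ("O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)"
           "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)")
SID = "S-1-5-21-546846319-217595157-9522986-572"
NON_WORKING = (
    "O:LAG:DAD:(A;OICI;0x001f01ff;;;LA)(A;OICI;0x001200a9;;;SA)(A;OICI;0x001f01ff;;;BA)"
    f"(A;OICI;0x001200a9;;;{SID})(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;DA)"
    "(A;OICI;0x001200a9;;;SA)(A;OICI;0x001f01ff;;;BA)"
    f"(A;OICI;0x001200a9;;;{SID})(A;OICI;;;;WD)(A;;0x001f01ff;;;DA)(A;;0x001f01ff;;;LA)"
    "(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;;;;CG)"
)

def parse_sddl(sddl):
    """Split an O:/G:/D: SDDL string into owner, group, DACL flags and ACE tuples."""
    m = re.fullmatch(r"O:(.+?)G:(.+?)D:([^()]*)((?:\([^()]*\))*)", sddl)
    if m is None:
        raise ValueError("not a simple O:/G:/D: SDDL string")
    owner, group, flags, body = m.groups()
    # Each ACE is type;flags;rights;object_guid;inherit_object_guid;trustee
    aces = [tuple(a.split(";")) for a in re.findall(r"\(([^()]*)\)", body)]
    if any(len(a) != 6 for a in aces):
        raise ValueError("ACE without exactly six fields (conditional ACEs unsupported)")
    return {"owner": owner, "group": group, "flags": flags, "aces": aces}

def compare(good, bad):
    """Report how the DACL of `bad` differs from the DACL of `good`."""
    g, b = parse_sddl(good), parse_sddl(bad)
    counts = Counter(b["aces"])
    g_trustees = {a[5] for a in g["aces"]}
    b_trustees = {a[5] for a in b["aces"]}
    return {
        # 'P' in the DACL flags means the DACL is protected from inheritance
        "header_diff": {k: (g[k], b[k]) for k in ("owner", "group", "flags") if g[k] != b[k]},
        "duplicated_aces": sorted(a[5] for a, n in counts.items() if n > 1),
        "trustees_only_good": sorted(g_trustees - b_trustees),
        "trustees_only_bad": sorted(b_trustees - g_trustees),
        "empty_rights": sorted(a[5] for a in counts if a[2] == ""),
    }

if __name__ == "__main__":
    for key, value in compare(WORKING, NON_WORKING).items():
        print(f"{key}: {value}")
```
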


