[Samba] GPO fail and sysvol perm errors
Rowland penny
rpenny at samba.org
Sun Oct 25 20:41:16 UTC 2020
On 25/10/2020 20:37, Sonic wrote:
> The reset allowed the current GPO to take effect, but right after
> adding a new GPO (just named it, no editing, or linking) the
> sysvolcheck fails:
> # samba-tool ntacl sysvolcheck
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception
> - ProvisioningError: DB ACL on GPO directory
> /usr/local/samba/var/locks/sysvol/hq.theauditors.com/Policies/{4409F67D-97F1-4241-9243-02058C6E3FE6}
> O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
> does not match expected value
> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
> from GPO object
> File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/__init__.py",
> line 186, in _run
> return self.run(*args, **kwargs)
> File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/ntacl.py",
> line 446, in run
> lp)
> File "/usr/local/samba/lib/python3.7/site-packages/samba/provision/__init__.py",
> line 1894, in checksysvolacl
> direct_db_access)
> File "/usr/local/samba/lib/python3.7/site-packages/samba/provision/__init__.py",
> line 1844, in check_gpos_acl
> domainsid, direct_db_access)
> File "/usr/local/samba/lib/python3.7/site-packages/samba/provision/__init__.py",
> line 1786, in check_dir_acl
> raise ProvisioningError('%s ACL on GPO directory %s %s does not
> match expected value %s from GPO object' %
> (acl_type(direct_db_access), path, fsacl_sddl, acl))
its a bit like 'wack a mole', just keep running sysvolreset :-D
Rowland
More information about the samba
mailing list