[Samba] GPO fail and sysvol perm errors
Rowland penny
rpenny at samba.org
Sun Oct 25 21:16:46 UTC 2020
On 25/10/2020 20:59, Sonic wrote:
> On Sun, Oct 25, 2020 at 4:41 PM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> its a bit like 'wack a mole', just keep running sysvolreset :-D
> It's needed after every GPO addition and edit. There must be a root
> cause to hunt down somewhere. Or is it a bug in 4.13.0 ?
OK, yes there is a bug, but not only that, the bug has a bug :-D
I have tried numerous times to fix this, but without success (obviously).
One of the problems is that, in my opinion, Samba has never used the
correct ACL's on sysvol, they are different to the ones Windows uses on
2012R2
Now you have prompted me, I might just take a run at it again.
One other potential problem is that Windows allows groups to 'own'
things, something that only a user can do on Unix, so if you use the
winbind 'ad' backend on Unix domain members, you must never give the
Domain Admins a gidNumber, if you do it just becomes a group and then
cannot own anything in sysvol.
Rowland
More information about the samba
mailing list