[Samba] GPO fail and sysvol perm errors

Rowland penny rpenny at samba.org
Sun Oct 25 21:16:46 UTC 2020

On 25/10/2020 20:59, Sonic wrote:
> On Sun, Oct 25, 2020 at 4:41 PM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> its a bit like 'wack a mole', just keep running sysvolreset :-D
> It's needed after every GPO addition and edit. There must be a root
> cause to hunt down somewhere. Or is it a bug in 4.13.0 ?

OK, yes there is a bug, but not only that, the bug has a bug :-D

I have tried numerous times to fix this, but without success (obviously).

One of the problems is that, in my opinion, Samba has never used the 
correct ACL's on sysvol, they are different to the ones Windows uses on 

Now you have prompted me, I might just take a run at it again.

One other potential problem is that Windows allows groups to 'own' 
things, something that only a user can do on Unix, so if you use the 
winbind 'ad' backend on Unix domain members, you must never give the 
Domain Admins a gidNumber, if you do it just becomes a group and then 
cannot own anything in sysvol.


More information about the samba mailing list