[Samba] GPO fail and sysvol perm errors

Sonic sonicsmith at gmail.com
Mon Oct 26 16:59:46 UTC 2020


On Mon, Oct 26, 2020 at 6:46 AM L. van Belle via samba
<samba at lists.samba.org> wrote:
> getfacl /var/lib/samba/sysvol/$(hostname -d)/Policies/
> getfacl: Removing leading '/' from absolute path names
> # file: var/lib/samba/sysvol/my.domain.tld/Policies/
> # owner: root
> # group: BUILTIN\\administrators
> user::rwx
> user:root:rwx
> user:BUILTIN\\administrators:rwx
> user:BUILTIN\\server\040operators:r-x
> user:NT\040AUTHORITY\\system:rwx
> user:NT\040AUTHORITY\\authenticated\040users:r-x
> user:ADDOM\\group\040policy\040creator\040owners:rwx
> group::rwx
> group:BUILTIN\\administrators:rwx
> group:BUILTIN\\server\040operators:r-x
> group:NT\040AUTHORITY\\system:rwx
> group:NT\040AUTHORITY\\authenticated\040users:r-x
> group:ADDOM\\group\040policy\040creator\040owners:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:BUILTIN\\administrators:rwx
> default:user:BUILTIN\\server\040operators:r-x
> default:user:NT\040AUTHORITY\\system:rwx
> default:user:NT\040AUTHORITY\\authenticated\040users:r-x
> default:user:ADDOM\\group\040policy\040creator\040owners:rwx
> default:group::---
> default:group:BUILTIN\\administrators:rwx
> default:group:BUILTIN\\server\040operators:r-x
> default:group:NT\040AUTHORITY\\system:rwx
> default:group:NT\040AUTHORITY\\authenticated\040users:r-x
> default:group:ADDOM\\group\040policy\040creator\040owners:rwx
> default:mask::rwx
> default:other::---

The above is also what I get after applying those rights.

> Do you also have/see:
> default:group:ADDOM\\group\040policy\040creator\040owners:rwx
> And are the needed users in there?

I see it, yes, not sure who the needed users are.

> How does it look in Windows, under Advanced right settings.

Administrators          Full Control
Server Operators        Read & Execute
SYSTEM                  Full Control
Authenticated Users     Read & Execute

Should there be something else?

However the sysvolcheck still fails and so does gpupdate, same errors
in the log as well.

Chris


