[Samba] Sysvol permission issue - how to repair permanently?

Stefan Bellon bellon at axivion.com
Tue Apr 6 10:32:20 UTC 2021

On Tue, 06 Apr, Rowland penny via samba wrote:

> The reason why you get that error is because you have given Domain 
> Admins a gidNumber,

But that is not my case. Domain Admins DOES NOT have a gidNumber
attribute (neither does Domain Users).

> this means that 'O:DA' can never happen. I have multiple GPO's in
> sysvol and this happens:
> pi at rpidc1:~ $ sudo samba-tool ntacl sysvolreset
> pi at rpidc1:~ $ sudo samba-tool ntacl sysvolcheck
> pi at rpidc1:~ $
> Absolutely no errors, this is with Samba 4.14.2

After a "sysvolreset" a subsequent "sysvolcheck" works without any
issues for me as well. This is not my issue.

My issue is that it throws the error as soon as I have edited a GPO
from RSAT, because that somehow changed the permissions in an
"unexpected" way.


Stefan Bellon

More information about the samba mailing list