[Samba] Sysvol permission issue - how to repair permanently?
Rowland penny
rpenny at samba.org
Tue Apr 6 10:46:50 UTC 2021
On 06/04/2021 11:32, Stefan Bellon wrote:
> On Tue, 06 Apr, Rowland penny via samba wrote:
>
>> The reason why you get that error is because you have given Domain
>> Admins a gidNumber,
> But that is not my case. Domain Admins DOES NOT have a gidNumber
> attribute (neither does Domain Users).
>
>> this means that 'O:DA' can never happen. I have multiple GPO's in
>> sysvol and this happens:
>>
>> pi at rpidc1:~ $ sudo samba-tool ntacl sysvolreset
>> pi at rpidc1:~ $ sudo samba-tool ntacl sysvolcheck
>> pi at rpidc1:~ $
>>
>> Absolutely no errors, this is with Samba 4.14.2
> After a "sysvolreset" a subsequent "sysvolcheck" works without any
> issues for me as well. This is not my issue.
>
> My issue is that it throws the error as soon as I have edited a GPO
> from RSAT, because that somehow changed the permissions in an
> "unexpected" way.
>
> Greetings,
> Stefan
>
Hi Stefan, if I write a script to read all the permissions on Sysvol,
(Unix, getfacl and 'samba-tool ntacl get'), are you prepared to run it
on a DC before you add a GPO and then again after, then send me the
resultant outputs ?
This may help to point to where the problem lies.
Rowland
More information about the samba
mailing list