[Samba] Warning messages when provisioning an ADDC

Rowland Penny rpenny at samba.org
Sat Feb 6 11:47:48 UTC 2021


On 06/02/2021 10:07, Thomas Geppert via samba wrote:
> On 2/5/21 at 3:51 PM, Ralph Boehme wrote:
>> it seems this command doesn't use the same logic as samba-tool ntacl get which has the option --use-s3fs and tells the command to go via the VFS instead of accessing the xattr directly.
> I'm lost again. The checksysvolacl function does do this by intention. There is the following comment in the code:
>
> # Ensure we can read this directly, and via the smbd VFS
>
> and then the code loops the getntacl function:
>
> 	for direct_db_access in [True, False]:
> 		.........
> 		fsacl = getntacl(lp, dir_path, session_info, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
>
> Why the heck does it need to ensure that it can read the ACL directly?
> Is there still a part of the operational ADDC code that only uses the direct access method?
>
> Cheers
>
> Thomas
>
This is probably because not only are GPOs stored in Sysvol, they are
in AD as well, and the AD access ACLs are based on the Sysvol ACLs.

Rowland




