[Samba] Sysvol issues after DC migration
Rowland penny
rpenny at samba.org
Mon Mar 15 19:43:33 UTC 2021
On 15/03/2021 19:30, Oleg Blyahher via samba wrote:
> Ok, thanks Rowland. I've made it a further now, and the script runs to
> the point it tells me the following:
>
> Set your sysvol SHARE permissions as followed. EVERYONE: READ
> Authenticated Users: FULL CONTROL (BUILTIN or NTDOM)\Administrators:
> FULL CONTROL (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL User/Group system
> is added compaired to a win2008R2 sysvol, you need this for some GPO
> settings. Set your sysvol FOLDER permissions as followed.
> Authenticated Users: Read & Exec, Show folder content, Read (BUILTIN
> or NTDOM)\Administrators: FULL CONTROL (BUILTIN or NTDOM)\SYSTEM, FULL
> CONTROL
>
>
> I've opened up Computer Management as the domain admin, but I can't do
> any changes in the permissions. It keeps telling me "Access is denied"
> whenever I try to modify the share or security permissions. Right now
> "Everyone" have full access in the share permissions. I can't even see
> the owners there.
>
> Any point in modifying the sysvol folder with setfacl? Where should I
> look next?
Does 'Administrator' have a uidNumber ?
Does:
wbinfo -i Administrator | awk -F ':' '{print $3}'
Return '0' ?
If it doesn't, remove the uidNumber from Administrator.
Rowland
More information about the samba
mailing list