[Samba] Sysvol issues after DC migration
Oleg Blyahher
oleg.blyahher at bluetest.se
Tue Mar 16 08:58:31 UTC 2021
I've removed uidNumber from the Administrator user (it had 2500). Still
getting the same "Access is denied" when trying to change things, and
can't set the owner.
The Administrator user also has the gidNumber 512, if that helps anything.
What do I do next?
Oleg
On 2021-03-15 20:43, Rowland penny via samba wrote:
> On 15/03/2021 19:30, Oleg Blyahher via samba wrote:
>> Ok, thanks Rowland. I've made it a further now, and the script runs
>> to the point it tells me the following:
>>
>> Set your sysvol SHARE permissions as followed. EVERYONE: READ
>> Authenticated Users: FULL CONTROL (BUILTIN or NTDOM)\Administrators:
>> FULL CONTROL (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL User/Group
>> system is added compaired to a win2008R2 sysvol, you need this for
>> some GPO settings. Set your sysvol FOLDER permissions as followed.
>> Authenticated Users: Read & Exec, Show folder content, Read (BUILTIN
>> or NTDOM)\Administrators: FULL CONTROL (BUILTIN or NTDOM)\SYSTEM,
>> FULL CONTROL
>>
>>
>> I've opened up Computer Management as the domain admin, but I can't
>> do any changes in the permissions. It keeps telling me "Access is
>> denied" whenever I try to modify the share or security permissions.
>> Right now "Everyone" have full access in the share permissions. I
>> can't even see the owners there.
>>
>> Any point in modifying the sysvol folder with setfacl? Where should I
>> look next?
>
>
> Does 'Administrator' have a uidNumber ?
>
> Does:
>
> wbinfo -i Administrator | awk -F ':' '{print $3}'
>
> Return '0' ?
>
> If it doesn't, remove the uidNumber from Administrator.
>
> Rowland
>
>
>
More information about the samba
mailing list