[Samba] Samba4.9.5 AD DC SYSVOL

Kees van Vloten keesvanvloten at gmail.com
Fri Feb 18 22:08:04 UTC 2022


On 18-02-2022 22:59, Matt via samba wrote:
> On Fri, 2022-02-18 at 14:38 -0700, David Mulder via samba wrote:
>> On 2/18/22 2:16 PM, Matt via samba <samba at lists.samba.org> wrote:
>>> Somewhere along the way my SYSVOL permissions got messed up. I can't
>>> change anything from Windows as a domain admin user. I get a message
>>> that I don't have permissions. I'm not sure even where to begin with
>>> this problem and any direction would be appreciated.
>>>
>> Try doing a `samba-tool ntacl sysvolreset`
>>
> I did try that but it didn't help. I did read in some places about
> being cautious with that if you already have GPOs, which I do. I wonder
> if that may be why this is no longer working.
>
> I just removed the requirement from the samba share configuration on
> sysvol to limit to root. Maybe I've broken something in the mapping of
> "Domain Admins" to root?
>
I am using 'samba-tool ntacl sysvolreset' after every change on sysvol 
(but on 4.15.5), I have not experienced issues with it.

I have left the sysvol definition in /etc/samba/smb.conf default, which is:

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
         vfs objects = dfs_samba4, acl_xattr, full_audit

As there are no limitations here, access is entirely arranged by ntacls
on filesystem objects in the share path. When you mess up those, the
'sysvolreset' command is there to the rescue.

- Kees
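
Added example, not part of the original message or of Samba's own code: a small check that reads smb.conf text and reports [sysvol] parameters that gate or alter access at the share level, before the NT ACLs are consulted. The parameter list is a non-exhaustive assumption, only the [sysvol] section is inspected (not [global]), and the second sample input is constructed.

```python
# Share-level parameters that gate or alter access before NT ACLs apply.
# Names are normalised (lower case, no spaces); the list is an assumption
# and is not exhaustive.
OVERRIDING = {"validusers", "invalidusers", "readlist", "writelist",
              "adminusers", "hostsallow", "hostsdeny", "forceuser", "forcegroup"}
INVERSE_RO = ("writeable", "writable", "writeok")  # inverted synonyms of "read only"

def norm(name):
    # smb.conf ignores case and whitespace in parameter names
    return "".join(name.split()).lower()

def parse_shares(text):
    """Return {section: {normalised_key: (original_key, value)}}."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = (key.strip(), value.strip())
    return shares

def is_yes(value):
    return value.lower() in ("yes", "true", "1")

def sysvol_findings(text):
    params = parse_shares(text).get("sysvol")
    if params is None:
        return ["no [sysvol] section"]
    found = [f"{k} = {v}" for n, (k, v) in params.items() if n in OVERRIDING]
    read_only = True  # smb.conf default when a share sets nothing
    for n, (_, v) in params.items():
        if n == "readonly":
            read_only = is_yes(v)
        elif n in INVERSE_RO:
            read_only = not is_yes(v)
    if read_only:
        found.append("share is read only")
    return found

# The default definition quoted in the message above.
PAGE_DEFAULT = """[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
         vfs objects = dfs_samba4, acl_xattr, full_audit
"""
# Constructed sample: a share limited to root at the share level.
CONSTRUCTED_RESTRICTED = "[sysvol]\n path = /var/lib/samba/sysvol\n read only = No\n valid users = root\n"
```

An empty result for the default definition means nothing at the share level stands in front of the NT ACLs.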
