[Samba] Samba4.9.5 AD DC SYSVOL
Rowland Penny
rpenny at samba.org
Fri Feb 18 22:08:11 UTC 2022
On Fri, 2022-02-18 at 13:59 -0800, Matt via samba wrote:
> On Fri, 2022-02-18 at 14:38 -0700, David Mulder via samba wrote:
> > On 2/18/22 2:16 PM, Matt via samba <samba at lists.samba.org> wrote:
> > > Somewhere along the way my SYSVOL permissions got messed up. I
> > > can't
> > > change anything from windows as a domain admin user. I get a
> > > message
> > > that I don't have permissions. I'm not sure even where to begin
> > > with
> > > this problem and any direction would be appreciated.
> > >
> >
> > Try doing a `samba-tool ntacl sysvolreset`
> >
> I did try that but it didn't help. I did read in some places about
> being cautious with that if you already have GPOs, which I do. I
> wonder
> if that may be why this is no longer working.
>
> I just removed the requirement from the samba share configuration on
> sysvol to limit to root. Maybe I've broken something in the mapping
> of
> "Domain Admins" to root?
There is only a problem with sysvolreset if you do two things:
Add any extra GPO's
Give 'Domain Admins' a gidNumber attribute
You also shouldn't map 'Domain Admins' to root (incidentally, how have
you done this ?)
It may help if you post your smb.conf from the DC and explain any
changes you may have made to the DC.
Rowland
More information about the samba
mailing list