[Samba] More on sysvol maintenance
Rowland Penny
rpenny at samba.org
Thu May 25 19:32:21 UTC 2023
On 25/05/2023 20:21, Luis Peromarta via samba wrote:
> Okay here we go again. This is what I’ve done.
>
> 1.- Created Unix Admins groups
> 2.- Remove gidNumber from Domain Admins group (10007)
> 3.- Add gidNumber 10007 to Unix Admins
> 4.- Add Unix Admins to Domain admins group
> 5.- Add me MAD\Luis to Unix Admins. I am also into Domain Admins group.
>
> I understand on the unix side of the member server, wherever before I read Domain Admins, I will now read Unix Admins - no other damage done.
>
> On DC2, I was now able to run sysvolreset, all GPOs now are (no errors after sysvolreset and no output from sysvolcheck)
>
> 8.0K drwxrwx---+ 4 root BUILTIN\administrators 4.0K Nov 7 2022 ..
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Apr 15 22:34 {0491EEAA-BF8A-43BE-98CA-72128C7EC0EA}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {06D5E045-DF21-45AA-962A-41CB3F665FCC}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {0723DCE9-C915-492A-9423-104BE034BCEF}
> 8.0K drwxrwx---+ 5 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {0769489D-FC31-4244-AB87-4EE2C4E20CCC}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {0A529EA3-06B6-4FE1-BC51-AB793E6A4523}
> 8.0K drwxrwx---+ 5 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {1111C19B-0CB9-4BA9-BFF1-3648F3862F93}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {31B2F340-016D-11D2-945F-00C04FB984F9}
> 8.0K drwxrwx---+ 5 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {3548966F-440A-43D9-B05E-E681AD3B58F9}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {3B09CD87-EF3C-4959-A8E8-C82B95FB5148}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {69F60D78-F2EF-41F5-863A-4B7698D939BA}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {6AC1786C-016F-11D2-945F-00C04FB984F9}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {78ADF699-01E8-4F99-84B4-7EB4430E7105}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {790FBA77-CE1A-4B93-B66B-2A97880DE31D}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {90D103E0-3AA7-4A18-8E51-501F73658A1C}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 7 2022 {B0AC4C94-9949-4FC2-8F54-CAADFDAD95D4}
> 8.0K drwxrwx---+ 5 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {B2250B1E-DDCC-4267-9816-D115CCF24735}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {B7D7E89E-002B-4FCB-80F8-534C2976483C}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Apr 15 22:10 {BE3B49C3-C557-4B1B-8B12-A1023D12D9D7}
> 8.0K drwxrwx---+ 5 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {CA510ED6-934C-47FC-B81D-6942A39D3DE6}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {D2B5681B-E6B8-4B00-AF76-D81477BD19A6}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 4 2022 {E285AB09-81A3-4AC8-9195-434B56F22D60}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Nov 28 11:20 {EB06228D-84E1-456F-8F88-06A36EA3EB4D}
> 8.0K drwxrwx---+ 4 MAD\domain admins MAD\domain admins 4.0K Feb 1 17:13 {EC8AFE87-C57A-4AE7-A9FC-8A82CB8745DA}
>
> Just as it should probably be.
>
> Sysvol permissions :
>
> ./sysvol:
> total 20K
> 8.0K drwxrwx---+ 3 root BUILTIN\administrators 4.0K May 25 21:05 .
> 4.0K drwxr-xr-x 10 root root 4.0K May 25 20:40 ..
> 8.0K drwxrwx---+ 4 root BUILTIN\administrators 4.0K Nov 7 2022 mad.mater.int
>
> ./sysvol/mad.mater.int:
> total 32K
> 8.0K drwxrwx---+ 4 root BUILTIN\administrators 4.0K Nov 7 2022 .
> 8.0K drwxrwx---+ 3 root BUILTIN\administrators 4.0K May 25 21:05 ..
> 8.0K drwxrwx---+ 27 root BUILTIN\administrators 4.0K May 25 20:56 Policies
> 8.0K drwxrwx---+ 2 root BUILTIN\administrators 4.0K Nov 4 2022 scripts
>
> Are these right ?
YES!
>
> I still can not change share permissions on the sysvol from Windows via computer manager. I get a permission denied.
if you run 'getent passwd Administrator' on the DC, what is the output ?
If there is no output (possible if the winbind links are not set up),
what is the output of 'wbinfo -i Administrator' ?
Rowland
More information about the samba
mailing list