[Samba] Samba-tool gpo manage - The authenticated user does not have sufficient privileges
Kees van Vloten
keesvanvloten at gmail.com
Fri Apr 19 09:00:23 UTC 2024
On 19-04-2024 10:33, Jarosław Kłopotek - INTERDUO via samba wrote:
> On 19.04.2024 at 09:59, Jarosław Kłopotek - INTERDUO via samba wrote:
>> On 18.04.2024 at 18:11, David Mulder via samba wrote:
>>> On 4/18/24 1:03 AM, Jarosław Kłopotek - INTERDUO via samba wrote:
>>>> Hi all,
>>>>
>>>> I run cmd:
>>>> samba-tool gpo manage scripts startup add \
>>>> {31B2F340-016D-11D2-945F-00C04FB984F9} \
>>>> /var/lib/samba/sysvol/fartest.local/scripts/startup.bat
>>>>
>>>> with result:
>>>> [cut]
>>>> ERROR: The authenticated user does not have sufficient privileges
>>>> File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line
>>>> 3230, in run
>>>> create_directory_hier(conn, vgp_dir)
>>>> File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line
>>>> 383, in create_directory_hier
>>>> conn.mkdir(path)
>>>> signed SMB2 message (sign_algo_id=2)
>>>
>>> You've authenticated an SMB session, and your user is attempting to
>>> create a directory on the share, but is getting a permissions error.
>>> If this is happening for the Administrator, then you clearly have a
>>> permissions issue on your sysvol share. Try running `samba-tool
>>> ntacl sysvolreset`.
>> This did not help ... but adding read only = no in the [sysvol] share helped.
>> Thanks for leading me to the solution.
> And I also changed -UAdministrator to -Uadministrator.
>
It looks like it fails on "conn.mkdir(path)", i.e. creating a directory.
This is a filesystem operation happening over smb, i.e. filesystem
permissions apply.
Did you check that the permissions (mode permissions, posix-acls,
nt-acls) on the directory are correct? This can be fixed by running
"samba-tool ntacl sysvolreset".
Did you check that idmapping of your user is the same on all DCs
including the content of "/var/lib/samba/private/idmap.ldb"? More info
on idmap.ldb:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings
- Kees.
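
An added example, not part of the thread or of Samba's own code: a small checker for the share-level cause reported above, where `[sysvol]` was effectively read-only, so `conn.mkdir(path)` was refused regardless of the ACLs. The sample smb.conf text and the function names are constructed for illustration; the parser ignores `include` lines and line continuations.

```python
import re

TRUE = {"yes", "true", "on", "1"}
FALSE = {"no", "false", "off", "0"}
# smb.conf documents these as inverted synonyms of "read only".
WRITE_SYNONYMS = {"writeable", "writable", "writeok"}

# Constructed sample input, not taken from the thread.
SAMPLE = """\
[global]
    server role = active directory domain controller
[sysvol]
    path = /var/lib/samba/sysvol
    Read Only = Yes
"""

def _norm(name):
    # Section and parameter names ignore case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_read_only(text):
    """Map each section to its explicit 'read only' value (None if unset)."""
    result, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            result.setdefault(section, None)
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            key, value = _norm(key), value.strip().lower()
            if value not in TRUE | FALSE:
                continue
            if key == "readonly":
                result[section] = value in TRUE
            elif key in WRITE_SYNONYMS:
                result[section] = value in FALSE
    return result

def read_only_shares(text, names=("sysvol",)):
    """Return the named shares that are effectively read-only."""
    ro = parse_read_only(text)
    default = ro.get("global")
    if default is None:
        default = True  # smb.conf default is "read only = yes"
    return [n for n in names
            if n in ro and (default if ro[n] is None else ro[n])]

if __name__ == "__main__":
    print(read_only_shares(SAMPLE))
```

With the share writable, access to sysvol is decided by the filesystem permissions and NT ACLs discussed above, so those still need to be correct.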