[Samba] Missing Policies folder in AD and /var/lib/samba/sysvol

Wed Mar 26 16:48:05 UTC 2025

On Wed, 26 Mar 2025 09:13:09 -0600
Rick Hollinbeck via samba <samba at lists.samba.org> wrote:

> Rowland and Michael...
> 
> Thanks for the help - it sounds like I should be close to getting
> this working.
> 
> More troubleshooting...
> 
> Here is what my test Samba AD has after being freshly provisioned:
> 
> [drwxr-xr-x root     root    ] 
> /var/lib/samba/sysvol/sambatest327.com/Policies
> 
> ├── [drwxr-xr-x root     root    ]
> {31B2F340-016D-11D2-945F-00C04FB984F9} │   ├── [-rwxrwx--- root
> 3000000 ]  GPT.INI │   ├── [drwxr-xr-x root     root    ]  MACHINE
> │   └── [drwxr-xr-x root     3000000 ]  USER
> └── [drwxr-xr-x root     root    ]
> {6AC1786C-016F-11D2-945F-00C04FB984F9} ├── [-rw-r--r-- root     root
>   ]  GPT.INI ├── [drwxr-xr-x root     root    ]  MACHINE
>      └── [drwxr-xr-x root     root    ]  USER
> 
> Here is what my broken Samba 4.17.12 has:
> 
> [drwxr-xr-x root     root    ] 
> /var/lib/samba/sysvol/samdom.example.com/Policies
> 
> ├── [drwxrwx--- root     BUILTIN\administrators] 
> {31B2F340-016D-11D2-945F-00C04FB984F9}
> │   ├── [-rwxrwx--- root     BUILTIN\administrators]  GPT.INI
> │   ├── [drwxrwx--- root     BUILTIN\administrators]  MACHINE
> │   └── [drwxrwx--- root     BUILTIN\administrators]  USER
> └── [drwxrwx--- root     BUILTIN\administrators] 
> {6AC1786C-016F-11D2-945F-00C04FB984F9}
>      ├── [-rwxrwx--- root     BUILTIN\administrators]  GPT.INI
>      ├── [drwxrwx--- root     BUILTIN\administrators]  MACHINE
>      └── [drwxrwx--- root     BUILTIN\administrators]  USER
> 
> So... just a slight difference in the group ownership.

Possibly not, have you installed the winbind nss links, the 3000000 ID
suggests you haven't and that is probably the xidNumber for
BUILTIN\administrators.

Anyway this is what my sysvol is set to after running sysvolreset (yes,
it does work ;-) )

 [drwxrwx--- root BUILTIN\administrators] /var/lib/samba/sysvol
  |
  [drwxrwx--- root BUILTIN\administrators] samdom.example.com
     |
     [drwxrwx--- root BUILTIN\administrators] Policies
     |  |
     |  [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] {31B2F340-016D-11D2-945F-00C04FB984F9}
     |  |  |
     |  |  [-rwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] GPT.INI
     |  |  [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] MACHINE
     |  |  [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] USER
     |  |
     |  [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] {6AC1786C-016F-11D2-945F-00C04FB984F9}
     |     |
     |     [-rwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] GPT.INI
     |     [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] MACHINE
     |     [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] USER
     |
     [drwxrwx--- root BUILTIN\administrators] scripts

Rowland