[Samba] samba4, GPO and SYSVOL permissions errors
Leo Lutz
skeemer at gmail.com
Wed Jan 5 19:38:07 MST 2011
On Thu, Jan 6, 2011 at 04:10, Michael Wood <esiotrot at gmail.com> wrote:
> Hi
>
> samba-technical is a better place for this while samba 4 is still in
> Alpha. I have copied my reply there.
>
> On 5 January 2011 11:50, Leo Lutz <skeemer at gmail.com> wrote:
>> I'm getting an interesting problem. I can create/rename/delete/edit policies,
>> but I can't change the security filtering or delegation settings.
>>
>> When I first open any policy, I get the following:
>>
>> "The permissions for this GPO in the SYSVOL folder are inconsistent with those
>> in Active Directory. It is recommended that these permissions be consistent.
>> To change the SYSVOL permissions to those in Active Directory, click OK."
>>
>> So I click OK and I get "Access is denied."
>>
>> The error I get in samba.log follows:
>>
>> [Wed Jan 5 18:34:18 2011 PWT, 0
>> ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()]
>> ../ntvfs/posix/pvfs_acl.c:567 denied access to
>> '/var/lib/samba/sysvol/pcd.example.com/Policies/
>> {3D1F2B0A-B0F7-44C1-BA1A-2C5D03DFC0ED}' -
>> wanted 0x00060000 but got 0xfef3ffff (missing 0x00040000)
>>
>> How do I fix this?
>
> What version of Samba 4 is that?
4.0.0alpha12-GIT-UNKNOWN
> Have you tried increasing the debug level to see if it gives you more
> information?
Nope, this is all new to me. What's the default level and what should
I up it too?
> What ACLs do you have on the Policies directory?
Everyone and Administrators groups have read access. Administrator has
full access, but even logged in as that account, I run into problems.
The permissions of each policy's directory are a jumbled mess. I would
have thought there would be some inheritance being used.
>
> --
> Michael Wood <esiotrot at gmail.com>
>
cheers!
Leo
More information about the samba-technical
mailing list