Web lists-archives.com

Re: [Samba] Problem sysvolreset

On Tue, 7 Mar 2017 12:23:59 -0300
Edson Tadeu Almeida da Silveira via samba <samba@xxxxxxxxxxxxxxx> wrote:

> # samba-tool gpo aclcheck -U Administrator
> Password for [DOMAIN\Administrator]:
> ERROR: Invalid GPO ACL
> O:LAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
> on path
> (cbmerj.local\Policies\{F274A070-5B45-4434-BB7C-75AE1D702A6B}),
> should be
> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
> This last error is happening to all my policies. After each police i
> repair, another one shows up with problem and i can´t delete all
> policies and recreate to test.
> Thanks for your help!

Welcome to the wonderful world of SYSVOL on a Samba4 AD DC ;-)

Have you set a gidNumber for Domain Admins ?
If so remove it, Domain Admins needs to own files and dirs in sysvol
and if the group has a gidNumber it cannot.

  'O:LA' = owner: Local Administrator
  'O:DA' = owner: Domain Admins 
  'G:DA' = group: Domain Admins


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba