Web lists-archives.com

Re: [Samba] Problem sysvolreset




Hi Rowland.

But, samba automaticaly do this mapping.

root@server:/usr/local/src/samba-4.4.10# id 'domain admins'
uid=3000008(DOMAIN\domain admins) gid=3000008(DOMAIN\domain admins)
groups=3000008(DOMAIN\domain admins)


Because of this options in smb.conf:

winbind enum users = yes
winbind enum groups = yes

Can i remove this mapping only for domain admin group?

Thanks


2017-03-07 12:51 GMT-03:00 Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:

> On Tue, 7 Mar 2017 12:23:59 -0300
> Edson Tadeu Almeida da Silveira via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> >
> >
> >
> > # samba-tool gpo aclcheck -U Administrator
> >
> > Password for [DOMAIN\Administrator]:
> > ERROR: Invalid GPO ACL
> > O:LAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;
> 0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;
> 0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
> > on path
> > (cbmerj.local\Policies\{F274A070-5B45-4434-BB7C-75AE1D702A6B}),
> > should be
> > O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(
> A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;
> 0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
> >
> >
> > This last error is happening to all my policies. After each police i
> > repair, another one shows up with problem and i can´t delete all
> > policies and recreate to test.
> >
> > Thanks for your help!
> >
> >
>
> Welcome to the wonderful world of SYSVOL on a Samba4 AD DC ;-)
>
> Have you set a gidNumber for Domain Admins ?
> If so remove it, Domain Admins needs to own files and dirs in sysvol
> and if the group has a gidNumber it cannot.
>
>  Note:
>   'O:LA' = owner: Local Administrator
>   'O:DA' = owner: Domain Admins
>   'G:DA' = group: Domain Admins
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 

-------------------------------------------
Edson Tadeu Almeida Silveira
http://sites.google.com/site/edsontadeu/
-------------------------------------------
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba