Web lists-archives.com

Re: [Samba] Fwd: AD Policies are not applying properly




On 6/22/2017 9:41 AM, Anantha Raghava via samba wrote:
Hi,

No solutions to get out of this?

Not sure exactly what your issue is but based on your error Samba is reporting the following on that particular Policy;

 * Lost Allow Object and Container inheritance on each ACE.
 * Create Owner missing ACE and you have Built in Administrators with
   an ACE
 * You have the primary owner as Built in Administrators Group. Samba
   expects it to be Domain Administrators Group
 * Primary Group you have as Domain users. Samba expects it to be
   Domain Administrators.
 * Samba expects the SE_DACL_Protected flag be set.

Are you using RFC2307 in your smb.conf? Did you assign Domain Admins a Unix GID(You shouldn't)? Have you run 'samba-tool ntacl sysvolreset' to see if Samba could correct the permissions?

--
--
James

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba