Re: [Samba] Can't create/update Group Policy in Samba 4.6.5
- Date: Sun, 2 Jul 2017 16:26:51 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
On Sun, 2 Jul 2017 11:30:32 -0300
Marcio Demetrio Bacci via samba <samba@xxxxxxxxxxxxxxx> wrote:
> I'm using Samba 4.6.5 and I have installed it as follows:
> wget -c https://download.samba.org/pub/samba/stable/samba-4.6.5.tar.gz
> tar -xzvf samba-4.6.5.tar.gz
> cd samba-4.6.5
> ./configure --enable-debug --enable-selftest

Why? You only need './configure', unless you are going to run the

> make install
> It seems that it is working properly, however I can't create or update
> GPO with Windows Group Policy Management tool.
> When I try, a "Denied Access" message appears.
> I'm using a user that is a member of "Domain Admins", "Domain
> Computers", "Domain Controllers", "Group Policy Creators Owners" and
> "Domain Users".
> When I run the "samba-tool ntacl sysvolreset" command, the following
> errors appear:
> root@dc1:/usr/local/samba/bin# ./samba-tool ntacl sysvolreset

Why are you running samba-tool like that? Haven't you set up your PATH
correctly? If you run (in a terminal):
it should return your path and that should start like this:
If your PATH is set correctly, you should be able to run samba-tool
from anywhere, from /root for instance.

> I have verified that permissions on my files in
> "/usr/local/samba/var/locks/" are like this:
> ls -l /usr/local/samba/var/locks/
> total 1384
> -rw------- 1 root staff 421888 Mai 15 21:57 account_policy.tdb
> -rw------- 1 root staff 528384 Mai 15 21:57 registry.tdb
> -rw------- 1 root staff 421888 Mai 15 21:57 share_info.tdb
> drwxr-sr-x 3 root 30056 4096 Jul 1 19:40 sysvol
> -rw------- 1 root staff 32768 Jul 1 19:45 winbindd_cache.tdb
> drwxr-s--- 2 root staff 4096 Jul 1 19:45 winbindd_privileged

Who is '30056'?
Have you given 'Administrator' a uidNumber?
Have you given 'Domain Admins' the 'SeDiskOperatorPrivilege'?

> path = /usr/local/samba/var/locks/sysvol
> read only = No
> acl_xattr:ignore system acls = yes

You should remove the above line, it isn't required.