Web lists-archives.com

Re: [Samba] GPO problem ACL permission




On 26/05/2019 20:18, Epsilon Minus wrote:
The output is different:
root@DC04:~# samba-tool gpo aclcheck -Uadministrator
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name
_ldap._tcp.CLINICAGUEMES.COM.AR<0x0>
resolve_lmhosts: Attempting lmhosts lookup for name
_ldap._tcp.CLINICAGUEMES.COM.AR<0x0>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
Password for [CLINICAGUEMES\administrator]:
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20>

Is suspect the message: resolve_lmhosts: Attempting lmhosts lookup for
name dc04.example.com<0x20>

No, you have 'log level = 2' set in smb.conf, if you remove all the lines printed because of this, you get this:

root@DC04:~# samba-tool gpo aclcheck -Uadministrator
Password for [CLINICAGUEMES\administrator]:

Now, provided you did enter the password for 'Administrator', then you do not have a problem, because it didn't print an error message.

I suspect that you have a similar problem on Windows, you user doesn't have the required permission.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba