I have a Samba4 domain with two r/w directory controllers.
The second server's sysvol share doesn't allow access to normal users; only
admin users can access the share.
The problem is the same with both ntvfs and s3fs.
Sysvolreset doesn't help and sysvolcheck doesn't complain about anything.
The POSIX file ACLs are identical to those on the first server, which works OK.
I have granted rights for Everyone, a specific user and the Domain Users group,
but the result is always the same.
Here is the log for an admin user accessing the share:
-----------------
Successfully converted security token to a unix token:Security token SIDs (17):
SID[ 0]: S-1-5-21-xxx-xxx-xxx-1005
SID[ 1]: S-1-5-21-xxx-xxx-xxx-513
SID[ 2]: S-1-5-21-xxx-xxx-xxx-1010
SID[ 3]: S-1-5-21-xxx-xxx-xxx-1747
SID[ 4]: S-1-5-21-xxx-xxx-xxx-1011
SID[ 5]: S-1-5-21-xxx-xxx-xxx-2612
SID[ 6]: S-1-5-21-xxx-xxx-xxx-1026
SID[ 7]: S-1-5-21-xxx-xxx-xxx-512
SID[ 8]: S-1-5-21-xxx-xxx-xxx-572
SID[ 9]: S-1-5-21-xxx-xxx-xxx-1181
SID[ 10]: S-1-5-21-xxx-xxx-xxx-520
SID[ 11]: S-1-5-32-550
SID[ 12]: S-1-5-32-545
SID[ 13]: S-1-5-32-544
SID[ 14]: S-1-1-0
SID[ 15]: S-1-5-2
SID[ 16]: S-1-5-11
Privileges (0x 1FFFFF00):
Privilege[ 0]: SeTakeOwnershipPrivilege
Privilege[ 1]: SeBackupPrivilege
Privilege[ 2]: SeRestorePrivilege
Privilege[ 3]: SeRemoteShutdownPrivilege
Privilege[ 4]: SeSecurityPrivilege
Privilege[ 5]: SeSystemtimePrivilege
Privilege[ 6]: SeShutdownPrivilege
Privilege[ 7]: SeDebugPrivilege
Privilege[ 8]: SeSystemEnvironmentPrivilege
Privilege[ 9]: SeSystemProfilePrivilege
Privilege[ 10]: SeProfileSingleProcessPrivilege
Privilege[ 11]: SeIncreaseBasePriorityPrivilege
Privilege[ 12]: SeLoadDriverPrivilege
Privilege[ 13]: SeCreatePagefilePrivilege
Privilege[ 14]: SeIncreaseQuotaPrivilege
Privilege[ 15]: SeChangeNotifyPrivilege
Privilege[ 16]: SeUndockPrivilege
Privilege[ 17]: SeManageVolumePrivilege
Privilege[ 18]: SeImpersonatePrivilege
Privilege[ 19]: SeCreateGlobalPrivilege
Privilege[ 20]: SeEnableDelegationPrivilege
Rights (0x 403):
Right[ 0]: SeInteractiveLogonRight
Right[ 1]: SeNetworkLogonRight
Right[ 2]: SeRemoteInteractiveLogonRight
----------------
And as a normal user:
----------------
Successfully converted security token to a unix token:Security token SIDs (6):
SID[ 0]: S-1-5-21-xxx-xxx-xxx-1345
SID[ 1]: S-1-5-21-xxx-xxx-xxx-513
SID[ 2]: S-1-5-32-545
SID[ 3]: S-1-1-0
SID[ 4]: S-1-5-2
SID[ 5]: S-1-5-11
Privileges (0x 0):
Rights (0x 0):
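
An added example, not part of the original post: a small Python parser for the token dumps above that lists which group SIDs and privileges appear only in the admin token that is granted access. The sample dumps are constructed by abbreviating the two logs in the post, and the function names are illustrative.

```python
import re

# Well-known SIDs and domain RIDs (standard Windows/AD values).
WELL_KNOWN = {
    "S-1-1-0": "Everyone", "S-1-5-2": "Network", "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "BUILTIN\\Administrators", "S-1-5-32-545": "BUILTIN\\Users",
}
DOMAIN_RIDS = {"512": "Domain Admins", "513": "Domain Users"}
SID_RE = re.compile(r"SID\[\s*\d+\]:\s*(S-[\w-]+)")
PRIV_RE = re.compile(r"Privilege\[\s*\d+\]:\s*(\w+)")

# Constructed samples: the two dumps from the post, abbreviated.
ADMIN_DUMP = """SID[ 0]: S-1-5-21-xxx-xxx-xxx-1005
SID[ 1]: S-1-5-21-xxx-xxx-xxx-513
SID[ 7]: S-1-5-21-xxx-xxx-xxx-512
SID[ 12]: S-1-5-32-545
SID[ 13]: S-1-5-32-544
SID[ 14]: S-1-1-0
SID[ 16]: S-1-5-11
Privilege[ 0]: SeTakeOwnershipPrivilege
Privilege[ 1]: SeBackupPrivilege"""
USER_DUMP = """SID[ 0]: S-1-5-21-xxx-xxx-xxx-1345
SID[ 1]: S-1-5-21-xxx-xxx-xxx-513
SID[ 2]: S-1-5-32-545
SID[ 3]: S-1-1-0
SID[ 5]: S-1-5-11"""

def parse_token(text):
    """Return (ordered SID list, privilege set) for one token dump."""
    return SID_RE.findall(text), set(PRIV_RE.findall(text))

def label(sid):
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    rid = sid.rsplit("-", 1)[1]
    return DOMAIN_RIDS.get(rid, f"RID {rid}") if sid.startswith("S-1-5-21-") else "unknown"

def diff_tokens(admin_text, user_text):
    """Compare group SIDs (SID[0] is the account itself) and privileges."""
    (a_sids, a_privs), (u_sids, u_privs) = parse_token(admin_text), parse_token(user_text)
    a_groups, u_groups = set(a_sids[1:]), set(u_sids[1:])
    return {"shared": sorted(a_groups & u_groups),
            "admin_only": sorted(a_groups - u_groups),
            "user_only": sorted(u_groups - a_groups),
            "admin_only_privs": sorted(a_privs - u_privs)}

if __name__ == "__main__":
    for key, values in diff_tokens(ADMIN_DUMP, USER_DUMP).items():
        print(key, [f"{v} ({label(v)})" if v.startswith("S-") else v for v in values])
```

The `admin_only` list is the set of SIDs worth comparing against the ACEs on the share and on the sysvol path of the second server.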