Rene Llanes
2015-Jun-12 15:20 UTC
[Samba] samba 4.1.13 not applying domain policy in windows XP clients
Hello,

I configured group policy via RSAT in my Samba 4.1.13 implementation. The policy applies correctly to my Windows 7 clients but not to my Windows XP clients.

When I run gpupdate /force in Windows XP, it replies that the policies are applied correctly ... When I run

./samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /usr/local/samba/var/locks/sysvol/XX.XXXX.XXX/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9} O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;ED) from GPO object
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 249, in run
    lp)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1726, in checksysvolacl
    direct_db_access)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1624, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
root at pdc:/usr/local/samba/bin#
root at pdc:/usr/local/samba/bin# gpupdate /force
bash: gpupdate: command not found
^C ba/bin#
root at pdc:/usr/local/samba/bin# ^C
root at pdc:/usr/local/samba/bin# ./samba-tool gpo aclcheck
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 1150, in run
    ds_sd_ndr = m['nTSecurityDescriptor'][0]

My questions are: are these errors related to my initial issue? Can I fix it with samba-tool ntacl sysvolreset? What exactly does this command do?

Thanks in advance.

L.P.H. van Belle
2015-Jun-16 07:31 UTC
[Samba] samba 4.1.13 not applying domain policy in windows XP clients
samba-tool ntacl sysvolreset will reset the rights on your sysvol.
That's the first thing you should try, since it looks like a rights problem.

Greetz,

Louis

>-----Original message-----
>From: rllanes at scvc.artex.cu
>[mailto:samba-bounces at lists.samba.org] On behalf of Rene Llanes
>Sent: Friday 12 June 2015 17:20
>To: samba at lists.samba.org
>Subject: [Samba] samba 4.1.13 not applying domain policy in
>windows XP clients
>
>Hello,
>
>I configured group policy via RSAT in my Samba 4.1.13
>implementation. The policy applies correctly to my Windows 7
>clients but not to my Windows XP clients.
>
>When I run gpupdate /force in Windows XP, it replies that the policies
>are applied correctly ... When I run
>
>./samba-tool ntacl sysvolcheck
>ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /usr/local/samba/var/locks/sysvol/XX.XXXX.XXX/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9} O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;ED) from GPO object
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
>    return self.run(*args, **kwargs)
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 249, in run
>    lp)
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1726, in checksysvolacl
>    direct_db_access)
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl
>    domainsid, direct_db_access)
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1624, in check_dir_acl
>    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
>root at pdc:/usr/local/samba/bin#
>root at pdc:/usr/local/samba/bin# gpupdate /force
>bash: gpupdate: command not found
>^C ba/bin#
>root at pdc:/usr/local/samba/bin# ^C
>root at pdc:/usr/local/samba/bin# ./samba-tool gpo aclcheck
>ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
>    return self.run(*args, **kwargs)
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 1150, in run
>    ds_sd_ndr = m['nTSecurityDescriptor'][0]
>
>My questions are: are these errors related to my initial issue?
>Can I fix it with samba-tool ntacl sysvolreset? What exactly does this
>command do?
>
>Thanks in advance.
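
Added example (not part of the thread and not Samba's own code): the two security descriptors in the sysvolcheck error above differ only in their DACL control flags, PAI on the directory versus PAR expected from the GPO object, and this Python script shows that by parsing and diffing the two SDDL strings. The regular expression is a simplified grammar assumed for this illustration; it handles only the O:/G:/D: form seen in the error, with no SACL.

```python
import re

# The two SDDL strings from the sysvolcheck error quoted in this thread.
ACES = ("(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)"
        "(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)"
        "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;ED)")
ON_DIRECTORY = "O:DAG:DAD:PAI" + ACES      # ACL found on the GPO directory
FROM_GPO_OBJECT = "O:DAG:DAD:PAR" + ACES   # value expected from the GPO object

# DACL control flags defined by SDDL.
DACL_FLAGS = {"P": "SDDL_PROTECTED",
              "AR": "SDDL_AUTO_INHERIT_REQ",
              "AI": "SDDL_AUTO_INHERITED"}

# Simplified grammar (assumption): owner, group and DACL only, no SACL.
SDDL_RE = re.compile(r"O:(?P<owner>.+?)G:(?P<group>.+?)D:(?P<flags>[A-Z]*)"
                     r"(?P<aces>(?:\([^()]*\))*)")

def split_flags(text):
    """Split a flag run such as 'PAI' into ['P', 'AI']."""
    flags, i = [], 0
    while i < len(text):
        tok = next((t for t in ("AR", "AI", "P") if text.startswith(t, i)), None)
        if tok is None:
            raise ValueError("unknown DACL flag in %r" % text)
        flags.append(tok)
        i += len(tok)
    return flags

def parse_sddl(sddl):
    """Return owner, group, DACL flags and ACE strings of one descriptor."""
    m = SDDL_RE.fullmatch(sddl)
    if m is None:
        raise ValueError("unsupported SDDL: %r" % sddl)
    return {"owner": m["owner"], "group": m["group"],
            "dacl_flags": split_flags(m["flags"]),
            "aces": re.findall(r"\(([^()]*)\)", m["aces"])}

def diff_sddl(actual, expected):
    """Return {field: (actual, expected)} for every field that differs."""
    a, e = parse_sddl(actual), parse_sddl(expected)
    return {k: (a[k], e[k]) for k in a if a[k] != e[k]}

if __name__ == "__main__":
    for field, (got, want) in diff_sddl(ON_DIRECTORY, FROM_GPO_OBJECT).items():
        print(field, "on directory:", got, "expected:", want)
        if field == "dacl_flags":
            print("  on directory:", [DACL_FLAGS[f] for f in got])
            print("  expected:    ", [DACL_FLAGS[f] for f in want])
```
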