Hi Samba Team! It's me again I'm having some issues with gpo's and sysvol access. I've installed samba 4.12.7. using idmap_ldb:use rfc2307 When I tried to create a gpo using the rsat tools I got a Permission Denied error. Among other things, I have run: samba-tool ntacl sysvolreset Also I added to smb.conf acl_xattr:ignore system acls = yes in sysvol and netlogon sections. I tried to add 777 permissions to sysvol directory and used the github script "samba-check-set-sysvol.sh" but the problem persists. I got this error ==> log.smbd <=[2020/10/13 14:56:20.544071, 0] ../../source3/smbd/service.c:183(chdir_current_service) chdir_current_service: vfs_ChDir(/var/samba/locks/locks/sysvol) failed: Permission denied. Current token: uid=3000020, gid=3000004, 12 groups: 3000020 3000004 3000005 3000021 3000008 100 3000014 3000015 3000003 3000000 3000009 3000016 Any Ideas? Greetings Thanks in advance Juan Franco
On 13/10/2020 19:24, Franco Suarez via samba wrote:> Hi Samba Team! > > It's me again I'm having some issues with gpo's and sysvol access.Strange as it might seem, I do not remember you :-)> > I've installed samba 4.12.7. using idmap_ldb:use rfc2307Yes, but what on and how ?> > When I tried to create a gpo using the rsat tools I got a Permission Denied > error. > > Among other things, I have run: > samba-tool ntacl sysvolreset > > Also I added to smb.conf > acl_xattr:ignore system acls = yes > in sysvol and netlogon sections. > I tried to add 777 permissions to sysvol directory and used the github > script "samba-check-set-sysvol.sh" > > but the problem persists. > > I got this error > ==> log.smbd <=> [2020/10/13 14:56:20.544071, 0] > ../../source3/smbd/service.c:183(chdir_current_service) > chdir_current_service: vfs_ChDir(/var/samba/locks/locks/sysvol) failed: > Permission denied. Current token: uid=3000020, gid=3000004, 12 groups: > 3000020 3000004 3000005 3000021 3000008 100 3000014 3000015 3000003 3000000 > 3000009 3000016It doesn't look like you have modified anything in AD, but that is just about all I can tell about you domain from what you have posted. What OS ? Are you using the OS Samba packages, third party packages or have you compiled Samba yourself ? Is this the only DC and are you using it as a fileserver ? (not recommended) Please post your smb.conf Rowland
Hi Rowland.
I'm using CentOS 8.2.2004
The Samba is compiled from sources, it's the only DC and I'm not using
it
as a fileserver.
# Global parameters
[global]
dns forwarder = 10.30.251.70
netbios name = SAMBA4-01
realm = LARRY.LAN
server role = active directory domain controller
workgroup = LARRY
idmap_ldb:use rfc2307 = yes
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/larry.lan/scripts
read only = No
Thanks!
El mar., 13 oct. 2020 a las 15:48, Rowland penny via samba (<
samba at lists.samba.org>) escribi?:
> On 13/10/2020 19:24, Franco Suarez via samba wrote:
> > Hi Samba Team!
> >
> > It's me again I'm having some issues with gpo's and sysvol
access.
> Strange as it might seem, I do not remember you :-)
> >
> > I've installed samba 4.12.7. using idmap_ldb:use rfc2307
> Yes, but what on and how ?
> >
> > When I tried to create a gpo using the rsat tools I got a Permission
> Denied
> > error.
> >
> > Among other things, I have run:
> > samba-tool ntacl sysvolreset
> >
> > Also I added to smb.conf
> > acl_xattr:ignore system acls = yes
> > in sysvol and netlogon sections.
> > I tried to add 777 permissions to sysvol directory and used the
github
> > script "samba-check-set-sysvol.sh"
> >
> > but the problem persists.
> >
> > I got this error
> > ==> log.smbd <=> > [2020/10/13 14:56:20.544071, 0]
> > ../../source3/smbd/service.c:183(chdir_current_service)
> > chdir_current_service: vfs_ChDir(/var/samba/locks/locks/sysvol)
> failed:
> > Permission denied. Current token: uid=3000020, gid=3000004, 12 groups:
> > 3000020 3000004 3000005 3000021 3000008 100 3000014 3000015 3000003
> 3000000
> > 3000009 3000016
>
> It doesn't look like you have modified anything in AD, but that is just
> about all I can tell about you domain from what you have posted.
>
> What OS ?
>
> Are you using the OS Samba packages, third party packages or have you
> compiled Samba yourself ?
>
> Is this the only DC and are you using it as a fileserver ? (not
> recommended)
>
> Please post your smb.conf
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>