On Thu, 03 Nov 2016 15:10:11 +0100
Janning Schmidt <janning.schmidt at xinux.de> wrote:
> Hi.
>
> It´s a virtual machine on an esxi-server, if that was what you meant.
>
> The Version is "Version 4.1.6-Ubuntu"
>
> There where no modifications done before this error showed up the
> first time.
>
> And the smb.conf-file is:
>
> root at serverx:~# cat /etc/samba/smb.conf
> # Global parameters
> [global]
> workgroup = JOLA-INTRA
> realm = jola-intra.lan
> netbios name = SERVERX
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
> #log level = 5
>
> allow dns updates = nonsecure
> server services = -dns
> vfs objects = recycle
> recycle:repository = /mount/recyclebin
> recycle:directory_mode = 1770
> recycle:exclude = recyclebin
> [netlogon]
> path = /var/lib/samba/sysvol/jola-intra.lan/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
>
> [profiles]
> path = /mount/daten/samba/profiles
> browseable = No
> writeable = yes
> create mask = 0600
> directory mask = 0700
> [home]
> path = /mount/daten/home/
> read only = No
>
> Am 03.11.2016 um 14:39 schrieb Rowland Penny via samba:
> > On Thu, 03 Nov 2016 14:23:07 +0100
> > Janning Schmidt via samba <samba at lists.samba.org> wrote:
> >
> >> Hello.
> >>
> >> I have a Problem with creating a GPO on Samba. Each time I try to
> >> create a new one, it shows "The security id may not be
assigned as
> >> the owner of this object". I've already checked the
sysvol-folder
> >> and it seems to have the correct permissions. I also checked the
> >> Account-Permissions (I'm the build-in Administrator, when
trying
> >> this) and I also checked the connection to the dc. I even tried
> >> using different Versions of Windows (7, 8.1) all with the same
> >> error. Could you please tell me what to do and how to fix this?
> >> The internet doesn't show anything helpful. If you need
further
> >> data, write me back, and I'll provide it.
> >>
> >> greetings
> >>
> > How did you provision the Samba DC ?
> > What version of Samba ?
> > Have you modified anything ?
> > Can you post your smb.conf
> >
> > Rowland
> >
>
first obvious mistake ;-)
The two 'server services' lines mean the same thing, so you might as
well remove the second one.
Is avahi running on the DC, if so, I would suggest stopping it.
You really should use windows ACLs on the DC, see here for how to set
up the profiles dir:
https://wiki.samba.org/index.php/Implementing_roaming_profiles
But your main problem is probably that Ubuntu doesn't have a root user
and Administrator is mapped to ID '0' in idmap.ldb, so you might have
to give 'root' a password.
Rowland