I run the sysvolreset by without it when I duplicate the gpo (rsync) problems occurs later on windows machines perform the same on the DC that received the copy .... Regards.... Em 16-06-2017 15:08, Rowland Penny via samba escreveu:> Mine looks similar, but I am/was trying to get samba-tool to work > correctly so there are some differences. Did you know that 'Domain > Admins' is supposed to own dirs in sysvol ? which it cannot if you give > the group a gidNumber. > > I would suggest that the OP corrects the permissions on sysvol from > Windows and never runs sysvolcheck or sysvolreset again. > > Rowland
Hello! Does not really have to be done about it? : - | Regards Em 16-06-2017 16:12, Carlos A. P. Cunha escreveu:> > I run the sysvolreset by without it when I duplicate the gpo (rsync) > problems occurs later on windows machines perform the same on the DC > that received the copy .... > > Regards.... > > > > Em 16-06-2017 15:08, Rowland Penny via samba escreveu: >> Mine looks similar, but I am/was trying to get samba-tool to work >> correctly so there are some differences. Did you know that 'Domain >> Admins' is supposed to own dirs in sysvol ? which it cannot if you give >> the group a gidNumber. >> >> I would suggest that the OP corrects the permissions on sysvol from >> Windows and never runs sysvolcheck or sysvolreset again. >> >> Rowland >
On Thu, 22 Jun 2017 09:09:26 -0300 "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:> Hello! > > Does not really have to be done about it? : - | > >OK, lets be honest here, the ACLs Samba sets on sysvol are not the same that Windows does and when you add new GPOs, it gets worse. the 'Domain Admins' group needs to own directories in sysvol and if you give the group a gidNumber, the group cannot own the directories. This is because the group is both a user and a group when mapped in idmap.ldb, but when you give it a gidNumber, it becomes just a group and a group cannot own directories on Unix. I have been trying to make another devs patches work, but have run into a problem, see here: https://lists.samba.org/archive/samba-technical/2017-June/121215.html I haven't received a reply yet. I do not write 'C' code, so I have no idea how to fix this, so, until this gets fixed (if my understanding of the code is correct, of course) and I (or somebody else) fixes the python code, I cannot recommend running sysvolreset or sysvolcheck. This is my understanding of the problem, I may be wrong, but I don't think I am. Rowland