I have setup an samba 4 AD DC. The Domain Administrator SAMDOM\Administrator can't create GPO (access denied). SAMDOM\Administrator is member of Domain Admins group. I have try samba-tool ntacl sysvolreset samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix samba-tool dbcheck --cross-ncs --fix without success.
Fixed, no Write permission on sysvol share. On 11.03.20 09:09, basti via samba wrote:> I have setup an samba 4 AD DC. > The Domain Administrator SAMDOM\Administrator can't create GPO (access > denied). > SAMDOM\Administrator is member of Domain Admins group. > > I have try > samba-tool ntacl sysvolreset > samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix > samba-tool dbcheck --cross-ncs --fix > > without success. > >
Hai, What are the share rights and the folder rights on the system? Use getfacl for the folder rights These rights. (/var/lib/samba/) sysvol sysvol/you.dom.tld/ Lookup the share rights from within windows with user DOM\Administrator Make a print screen and pm me the email. I'll have a look. I have a few min atm. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > basti via samba > Verzonden: donderdag 12 maart 2020 15:17 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Domain Admin can't create GPO > > Fixed, no Write permission on sysvol share. > > On 11.03.20 09:09, basti via samba wrote: > > I have setup an samba 4 AD DC. > > The Domain Administrator SAMDOM\Administrator can't create > GPO (access > > denied). > > SAMDOM\Administrator is member of Domain Admins group. > > > > I have try > > samba-tool ntacl sysvolreset > > samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix > > samba-tool dbcheck --cross-ncs --fix > > > > without success. > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
THX Louis, the share was write able = no in smb.conf. On 12.03.20 15:34, L.P.H. van Belle via samba wrote:> Hai, > > What are the share rights and the folder rights on the system? > > Use getfacl for the folder rights > These rights. (/var/lib/samba/) sysvol sysvol/you.dom.tld/ > > Lookup the share rights from within windows with user DOM\Administrator > Make a print screen and pm me the email. > I'll have a look. > > I have a few min atm. > > > Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> basti via samba >> Verzonden: donderdag 12 maart 2020 15:17 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] Domain Admin can't create GPO >> >> Fixed, no Write permission on sysvol share. >> >> On 11.03.20 09:09, basti via samba wrote: >>> I have setup an samba 4 AD DC. >>> The Domain Administrator SAMDOM\Administrator can't create >> GPO (access >>> denied). >>> SAMDOM\Administrator is member of Domain Admins group. >>> >>> I have try >>> samba-tool ntacl sysvolreset >>> samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix >>> samba-tool dbcheck --cross-ncs --fix >>> >>> without success. >>> >>> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> > >