Hi,
After I successfully dumped the GPO policies on my working domain
controller I would like to reuse it on a different domain server, but
when I use the following command:
samba-tool gpo restore B59E0B93-8226-40CA-A5C8-58A7AA1D139E
/var/tmp/samba_gpo/policy/\{B59E0B93-8226-40CA-A5C8-58A7AA1D139E\}
I got this error message:
Using temporary directory /tmp/tmpo7huf4c0 (use --tmpdir to change)
ERROR(ldb): uncaught exception - LDAP error 50
LDAP_INSUFFICIENT_ACCESS_RIGHTS -? <acl: unable to get access to
CN={76FFB9E4-B557-433E-B105-7F5C36AE54C1},CN=Policies,CN=System,DC=teszt,DC=darabanth,DC=pro
> <>
? File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py",
line 186, in _run
??? return self.run(*args, **kwargs)
? File "/usr/lib64/python3.6/site-packages/samba/netcmd/gpo.py", line
1417, in run
??? credopts, versionopts)
? File "/usr/lib64/python3.6/site-packages/samba/netcmd/gpo.py", line
1239, in run
Do you have any idea what cause the problem or I use the command
incorrectly?
I have already checked the offical site ->
https://wiki.samba.org/index.php/GPO_Backup_and_Restore
My system details:
- Tranquil IT's repo
- Samba version 4.11.9
- CentOS Linux release 7.8.2003 (Core)
Yours Sincerely
Robert Csorba
On 08/07/2020 14:26, Csorba R?bert via samba wrote:> Hi, > > After I successfully dumped the GPO policies on my working domain > controller I would like to reuse it on a different domain server, but > when I use the following command: > > samba-tool gpo restore B59E0B93-8226-40CA-A5C8-58A7AA1D139E > /var/tmp/samba_gpo/policy/\{B59E0B93-8226-40CA-A5C8-58A7AA1D139E\} > > I got this error message: > > Using temporary directory /tmp/tmpo7huf4c0 (use --tmpdir to change) > ERROR(ldb): uncaught exception - LDAP error 50 > LDAP_INSUFFICIENT_ACCESS_RIGHTS -? <acl: unable to get access to > CN={76FFB9E4-B557-433E-B105-7F5C36AE54C1},CN=Policies,CN=System,DC=teszt,DC=darabanth,DC=pro > > <> > ? File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", > line 186, in _run > ??? return self.run(*args, **kwargs) > ? File "/usr/lib64/python3.6/site-packages/samba/netcmd/gpo.py", line > 1417, in run > ??? credopts, versionopts) > ? File "/usr/lib64/python3.6/site-packages/samba/netcmd/gpo.py", line > 1239, in run > > Do you have any idea what cause the problem or I use the command > incorrectly?I take it you are running the command as root or with sudo, if so, try adding '-U USERNAME' to the end of the command, where 'USERNAME' is a user with permission to change AD e.g. Administrator or a member of Domain Admins. Rowland
Hi, Thank you Rowland! That did the trick. Best, Robert 2020. 07. 08. 15:54 keltez?ssel, Rowland penny via samba ?rta:> On 08/07/2020 14:26, Csorba R?bert via samba wrote: >> Hi, >> >> After I successfully dumped the GPO policies on my working domain >> controller I would like to reuse it on a different domain server, but >> when I use the following command: >> >> samba-tool gpo restore B59E0B93-8226-40CA-A5C8-58A7AA1D139E >> /var/tmp/samba_gpo/policy/\{B59E0B93-8226-40CA-A5C8-58A7AA1D139E\} >> >> I got this error message: >> >> Using temporary directory /tmp/tmpo7huf4c0 (use --tmpdir to change) >> ERROR(ldb): uncaught exception - LDAP error 50 >> LDAP_INSUFFICIENT_ACCESS_RIGHTS -? <acl: unable to get access to >> CN={76FFB9E4-B557-433E-B105-7F5C36AE54C1},CN=Policies,CN=System,DC=teszt,DC=darabanth,DC=pro >> > <> >> ? File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", >> line 186, in _run >> ??? return self.run(*args, **kwargs) >> ? File "/usr/lib64/python3.6/site-packages/samba/netcmd/gpo.py", line >> 1417, in run >> ??? credopts, versionopts) >> ? File "/usr/lib64/python3.6/site-packages/samba/netcmd/gpo.py", line >> 1239, in run >> >> Do you have any idea what cause the problem or I use the command >> incorrectly? > > I take it you are running the command as root or with sudo, if so, try > adding '-U USERNAME' to the end of the command, where 'USERNAME' is a > user with permission to change AD e.g. Administrator or a member of > Domain Admins. > > Rowland > > >