samba - May 2023 - More on sysvol maintenance

On 25/05/2023 20:21, Luis Peromarta via samba wrote:
> Okay here we go again. This is what I?ve done.
> 
> 1.- Created Unix Admins groups
> 2.- Remove gidNumber from Domain Admins group (10007)
> 3.- Add gidNumber 10007 to Unix Admins
> 4.- Add Unix Admins to Domain admins group
> 5.- Add me MAD\Luis to Unix Admins. I am also into Domain Admins group.
> 
> I understand on the unix side of the member server, wherever before I read
Domain Admins, I will now read Unix Admins - no other damage done.
> 
> On DC2,?I was now able to run sysvolreset, all GPOs now are (no errors
after sysvolreset and no output from sysvolcheck)
> 
> 8.0K drwxrwx---+??4 root?? ? ? ? ? ? ?BUILTIN\administrators 4.0K
Nov??7??2022 ..
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K Apr 15
22:34 {0491EEAA-BF8A-43BE-98CA-72128C7EC0EA}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {06D5E045-DF21-45AA-962A-41CB3F665FCC}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {0723DCE9-C915-492A-9423-104BE034BCEF}
> 8.0K drwxrwx---+??5 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {0769489D-FC31-4244-AB87-4EE2C4E20CCC}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {0A529EA3-06B6-4FE1-BC51-AB793E6A4523}
> 8.0K drwxrwx---+??5 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {1111C19B-0CB9-4BA9-BFF1-3648F3862F93}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {31B2F340-016D-11D2-945F-00C04FB984F9}
> 8.0K drwxrwx---+??5 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {3548966F-440A-43D9-B05E-E681AD3B58F9}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {3B09CD87-EF3C-4959-A8E8-C82B95FB5148}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {69F60D78-F2EF-41F5-863A-4B7698D939BA}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {6AC1786C-016F-11D2-945F-00C04FB984F9}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {78ADF699-01E8-4F99-84B4-7EB4430E7105}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {790FBA77-CE1A-4B93-B66B-2A97880DE31D}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {90D103E0-3AA7-4A18-8E51-501F73658A1C}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??7??2022 {B0AC4C94-9949-4FC2-8F54-CAADFDAD95D4}
> 8.0K drwxrwx---+??5 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {B2250B1E-DDCC-4267-9816-D115CCF24735}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {B7D7E89E-002B-4FCB-80F8-534C2976483C}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K Apr 15
22:10 {BE3B49C3-C557-4B1B-8B12-A1023D12D9D7}
> 8.0K drwxrwx---+??5 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {CA510ED6-934C-47FC-B81D-6942A39D3DE6}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {D2B5681B-E6B8-4B00-AF76-D81477BD19A6}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K
Nov??4??2022 {E285AB09-81A3-4AC8-9195-434B56F22D60}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K Nov 28
11:20 {EB06228D-84E1-456F-8F88-06A36EA3EB4D}
> 8.0K drwxrwx---+??4 MAD\domain admins MAD\domain admins?? ? ?4.0K Feb??1
17:13 {EC8AFE87-C57A-4AE7-A9FC-8A82CB8745DA}
> 
> Just as it should probably be.
> 
> Sysvol permissions :
> 
> ./sysvol:
> total 20K
> 8.0K drwxrwx---+??3 root BUILTIN\administrators 4.0K May 25 21:05 .
> 4.0K drwxr-xr-x??10 root root? ? ? ? ? ? ? ? ? ?4.0K May 25 20:40 ..
> 8.0K drwxrwx---+??4 root BUILTIN\administrators 4.0K Nov??7??2022
mad.mater.int
> 
> ./sysvol/mad.mater.int:
> total 32K
> 8.0K drwxrwx---+??4 root BUILTIN\administrators 4.0K Nov??7??2022 .
> 8.0K drwxrwx---+??3 root BUILTIN\administrators 4.0K May 25 21:05 ..
> 8.0K drwxrwx---+ 27 root BUILTIN\administrators 4.0K May 25 20:56 Policies
> 8.0K drwxrwx---+??2 root BUILTIN\administrators 4.0K Nov??4??2022 scripts
> 
> Are these right ?
YES!
> 
> I still can not change share permissions on the sysvol from Windows via
computer manager. I get a permission denied.
if you run 'getent passwd Administrator' on the DC, what is the output ?

If there is no output (possible if the winbind links are not set up), 
what is the output of 'wbinfo -i Administrator' ?

Rowland

root at bwing:~# wbinfo -i Administrator
MAD\administrator:*:0:10000::/home/MAD/administrator:/bin/false
On 25 May 2023 at 21:32 +0200, samba at lists.samba.org,
wrote:
>
> If there is no output (possible if the winbind links are not set up),
> what is the output of 'wbinfo -i Administrator' ?

root at bwing:/var/lib/samba# getent passwd Administrator
MAD\administrator:*:0:10000::/home/MAD/administrator:/bin/false
On 25 May 2023 at 21:32 +0200, samba at lists.samba.org,
wrote:
>
> getent passwd Administrator