Rowland Penny
2024-Apr-18 14:07 UTC
[Samba] Samba-tool gpo manage - The authenticated user does not have sufficient privileges
On Thu, 18 Apr 2024 12:14:20 +0200 Jaros?aw K?opotek - INTERDUO via samba <samba at lists.samba.org> wrote:> W dniu 18.04.2024 o?12:01, Jaros?aw K?opotek - INTERDUO via samba > pisze: > > > > W dniu 18.04.2024 o?09:56, Rowland Penny via samba pisze: > >> On Thu, 18 Apr 2024 09:03:10 +0200 > >> Jaros?aw K?opotek - INTERDUO via samba<samba at lists.samba.org> > >> wrote: > >> > >>> Hi all, > >>> > >>> I run cmd: > >>> samba-tool gpo manage scripts startup add \ > >>> {31B2F340-016D-11D2-945F-00C04FB984F9} \ > >>> /var/lib/samba/sysvol/fartest.local/scripts/startup.bat > >> Are you running the command as root or with sudo ? > > as root > >>> with result: > >>> [cut] > >>> ERROR: The authenticated user does not have sufficient privileges > >>> ? ? File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", > >>> line 3230, in run > >>> ? ??? create_directory_hier(conn, vgp_dir) > >>> ? ? File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", > >>> line 383, in create_directory_hier > >>> ? ??? conn.mkdir(path) > >>> signed SMB2 message (sign_algo_id=2) > >>> > >>> I tried also this cmd with -UAdministrator but the same error > >>> appears. > >>> > >>> Is this normal? > >>> If yes where to configure this permissions? > >> What version of Samba are you using, there have been a few updates > >> in the area that is failing for you. > > ii? samba??????????????????? 2:4.17.12+dfsg-0+deb12u1 amd64 > > SMB/CIFS file, print, and login server for Unix > > ii? samba-ad-provision?????? 2:4.17.12+dfsg-0+deb12u1 all Samba > > files needed for AD domain provision > > un? samba-client???????????? <none> <none>?????? (no description > > available) > > ii? samba-common???????????? 2:4.17.12+dfsg-0+deb12u1 all common > > files used by both the Samba server and cli> > > ii? samba-common-bin???????? 2:4.17.12+dfsg-0+deb12u1 amd64 Samba > > common files used by both the server and the> > > ii samba-dsdb-modules:amd64 2:4.17.12+dfsg-0+deb12u1 amd64 Samba > > Directory Services Database > > ii samba-libs:amd64???????? 2:4.17.12+dfsg-0+deb12u1 amd64 Samba > > core libraries > > un? samba-testsuite????????? <none> <none>?????? (no description > > available) > > ii samba-vfs-modules:amd64? 2:4.17.12+dfsg-0+deb12u1 amd64 Samba > > Virtual FileSystem pluginsIn other words use newest available in > > Debian 12 stable repo. > > Additionally I tested samba from unstable repository > > Other lines errored: > ERROR: The authenticated user does not have sufficient privileges > ? File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line > 3571, in run > ??? create_directory_hier(conn, vgp_dir) > ? File "/usr/lib/python3/dist-packages/samba/netcmd/gpcommon.py", > line 39, in create_directory_hier > ??? conn.mkdir(path) > > dpkg -l samba* > ii? samba??????????????????? 2:4.19.6+dfsg-1 amd64??????? SMB/CIFS > file, print,> > ii? samba-ad-provision?????? 2:4.19.6+dfsg-1 all????????? Samba files > needed fo> > un? samba-client???????????? <none> <none>?????? (no description > avail> ii? samba-common???????????? 2:4.19.6+dfsg-1 all > avail> common files > used by > > ii? samba-common-bin???????? 2:4.19.6+dfsg-1 amd64??????? Samba > common files us> > ii? samba-dsdb-modules:amd64 2:4.19.6+dfsg-1 amd64??????? Samba > Directory Servi> > ii? samba-libs:amd64???????? 2:4.19.6+dfsg-1 amd64??????? Samba core > libraries > un? samba-testsuite????????? <none> <none>?????? (no description > avail> ii? samba-vfs-modules:amd64? 2:4.19.6+dfsg-1 amd64 > avail> Samba Virtual > FileS >OK, After reading the commands help, I created a simple script and ran the command like this: adminuser at tmpdc1:~ $ sudo samba-tool gpo manage scripts startup add {31B2F340-016D-11D2-945F-00C04FB984F9} test_script.sh -Uadministrator After being prompted for the Administrator password, the command appeared to complete without error. However, I couldn't find the script in sysvol on the DC I ran the command on, but after checking the other two DCs, I found this: adminuser at rpidc2:~ $ sudo cat /var/lib/samba/sysvol/samdom.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/VGP/VTLA/Unix/Scripts/Startup/test_script.sh #!/bin/bash echo "Hello World" exit 0 I have no idea why the script was created on another DC instead of the DC the command was run on, the DC uses itself for its nameserver. Rowland
David Mulder
2024-Apr-18 16:05 UTC
[Samba] Samba-tool gpo manage - The authenticated user does not have sufficient privileges
On 4/18/24 8:07 AM, Rowland Penny via samba wrote:> OK, After reading the commands help, I created a simple script and ran > the command like this: > > adminuser at tmpdc1:~ $ sudo samba-tool gpo manage scripts startup add {31B2F340-016D-11D2-945F-00C04FB984F9} test_script.sh -UadministratorThere is no reason to run this command as root. It operates via SMB, not on local files.> After being prompted for the Administrator password, the command > appeared to complete without error. > > However, I couldn't find the script in sysvol on the DC I ran the > command on, but after checking the other two DCs, I found this: > > adminuser at rpidc2:~ $ sudo cat /var/lib/samba/sysvol/samdom.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/VGP/VTLA/Unix/Scripts/Startup/test_script.sh > #!/bin/bash > > echo "Hello World" > > exit 0 > > I have no idea why the script was created on another DC instead of the > DC the command was run on, the DC uses itself for its nameserver.We've had this discussion before. This command does not run on the current host, it contacts *one of the DCs* and sets it there. It should then be replicated to the others. -- David Mulder Labs Software Engineer, Samba SUSE 1221 S Valley Grove Way, Suite 500 Pleasant Grove, UT 84062 (P)+1 385.208.2989 dmulder at suse.com http://www.suse.com
Apparently Analagous Threads
- Samba-tool gpo manage - The authenticated user does not have sufficient privileges
- Samba-tool gpo manage - The authenticated user does not have sufficient privileges
- Samba-tool gpo manage - The authenticated user does not have sufficient privileges
- Samba-tool gpo manage - The authenticated user does not have sufficient privileges
- Samba-tool gpo manage - The authenticated user does not have sufficient privileges