search for: se_dacl_protect

...ba List, hope you're doing well all. We have realized a security audit of our Samba4 Active Directory. It returns that the security descriptors options of all our GPO objects are wrong. They should be : SE_DACL_AUTO_INHERITED SE_DACL_PRESENT instead of this, the options are by default : SE_DACL_PROTECTED SE_DACL_PRESENT We can change the options, but the "sysvolreset" command of samba-tool revert our changes at every run. (BTW we use sysvolreset because "sysvolcheck" returns errors after each GPO creation, without knowing why). So there are multiple questions in one :...

...issing ACE and you have Built in Administrators with an ACE * You have the primary owner as Built in Administrators Group. Samba expects it to be Domain Administrators Group * Primary Group you have as Domain users. Samba expects it to be Domain Administrators. * Samba expects the SE_DACL_Protected flag be set. Are you using RFC2307 in your smb.conf? Did you assign Domain Admins a Unix GID(You shouldn't)? Have you run 'samba-tool ntacl sysvolreset' to see if Samba could correct the permissions? -- -- James

I have a Centos 3 server running Samba 3.0.28. It's a member of an AD domain on a Windows Server 2003 R2 Standard x64 SP2 box. From the W2K3 server I can see the samba share I created. Using the Security tab in the Windows Explorer file properties dialog I can add and remove users and change their permissions. However, in the Permissions tab of the Advanced Security Settings dialog,

Hi, We have been consistently having issues with GPO and they are not consistent. We are using version 4.6.3 with BIND DNS Backend. As suggested in some of our previous communications, when we run the samba-tool ntacl sysvolcheck it results in the error as detailed below. [root at dc1 ~]# samba-tool ntacl sysvolcheck lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: