similar to: ntacl sysvolreset does not create correct ACL's

I have two domain controller servers, with samba in version 4.18 On both DCs both the Sysvol share and the subdirectories (including GPOs) have the same permission: getfacl /usr/local/samba/var/lib/samba/sysvol # file: usr/local/samba/var/lib/samba/sysvol # owner: root # group: 3000000 user::rwx user:root:rwx user:3000000:rwx user:3000001:r-x user:3000002:rwx user:3000003:r-x group::rwx

On 26/05/15 12:51, Stephan Mattecka wrote: >> Gesendet: Dienstag, 26. Mai 2015 um 13:31 Uhr >> Von: "Rowland Penny" <rowlandpenny at googlemail.com> >> An: "Stephan Mattecka" <ste-fun_s at gmx.de> >> Cc: samba at lists.samba.org >> Betreff: Re: Aw: Re: [Samba] [SAMBA] Problems with joining a second DC to AD >> >> On 26/05/15

Rowland Penny skrev den 2015-02-19 18:15: > OK, there is a discussion over on samba-technical about nss_winbind > and the question about Administrator being mapped to 0 was raised. Now > I have always thought that it should, but in fairness, I decided to > see what happens when it isn't, so I removed Administrator from > idmap.ldb and restarted samba. Before restarting

On 20/02/15 21:27, Davor Vusir wrote: > > Rowland Penny skrev den 2015-02-19 18:15: >> OK, there is a discussion over on samba-technical about nss_winbind >> and the question about Administrator being mapped to 0 was raised. >> Now I have always thought that it should, but in fairness, I decided >> to see what happens when it isn't, so I removed Administrator

OK, there is a discussion over on samba-technical about nss_winbind and the question about Administrator being mapped to 0 was raised. Now I have always thought that it should, but in fairness, I decided to see what happens when it isn't, so I removed Administrator from idmap.ldb and restarted samba. Before restarting samba, I checked a few things, on the DC, getfacl returned this for

Rowland Penny skrev den 2015-02-21 10:35: > On 20/02/15 21:27, Davor Vusir wrote: >> >> Rowland Penny skrev den 2015-02-19 18:15: >>> OK, there is a discussion over on samba-technical about nss_winbind >>> and the question about Administrator being mapped to 0 was raised. >>> Now I have always thought that it should, but in fairness, I decided

Ah, yes, oeps sorry, and i did run out of the office yesterday, so didnt see this.. 3000002:rwx 3000003:r-x wbinfo --uid-to-sid=3000003 S-1-5-11 wbinfo --uid-to-sid=3000002 S-1-5-18 wbinfo --sid-to-name=S-1-5-11 NT AUTHORITY\Authenticated Users 5 wbinfo --sid-to-name=S-1-5-18 NT AUTHORITY\SYSTEM 5 Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba

On Fri, 29 Sep 2017 13:19:44 +0200 Klaus Hartnegg via samba <samba at lists.samba.org> wrote: > > > On 29.09.2017 11:44 Rowland Penny wrote: > > Have you set up the libnss_winbind links, PAM > > and /etc/nsswitch.conf ? > > Yes, I had modified two lines in /etc/nsswitch.conf: > passwd: files winbind > group: files winbind > > No,

> root at graz-dc-sem.ad.tao.at# wbinfo --sid-to-name=S-1-5-11 > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND > Could not lookup sid S-1-5-11 So how fucked is my domain? On 2017-08-25 08:09, L.P.H. van Belle via samba wrote: > Ah, yes, oeps sorry, and i did run out of the office yesterday, so didnt see this.. > > 3000002:rwx > 3000003:r-x > > wbinfo

Hello Gabriel, Am 25.05.2015 um 13:23 schrieb Gabriel Franca: > Good morning List > > On Friday I had to leave so I could no longer continue with our lab. > Weekend and holy all have to rest as much as possible. = D > So I'm back and I will put the smb.conf for analysis. > > # Global parameters > > [global] > > workgroup = CMC > > realm = CMC.CORP >

No, I dont agree/believe you.. ... because of my setup. On the a samba member. ( 4.5/4.6) getent group "Domain Admins" domain admins:x:10001:admin,administrator I run more then a year like this. On the Samba DC ( 4.5.3) NTDOM\domain admins:x:3000008 All others are ok on the dc. BAZRTD\domain users:x:10000 BAZRTD\domain guests:x:10002: It works fine here, this is what i want.

> On 29.09.2017 11:44 Rowland Penny wrote: > Have you set up the libnss_winbind links, PAM and /etc/nsswitch.conf ? Yes, I had modified two lines in /etc/nsswitch.conf: passwd: files winbind group: files winbind No, I had not seen a pointer to libnss, but now did ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/i386-linux-gnu/ ln -s

On 1/12/2017 3:47 PM, Richard via samba wrote: > Hi > > root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes > ...some error information... > Checked 3647 objects (2 errors) > root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix > Checking 3647 objects > Checked 3647 objects (0 errors) > > root at dc1:~ # getfacl

samba --version Version 4.0.0rc3-GIT-293b100 Hi I have a problem backing up my sysvol folder. Here is the acl after running: samba-tool ntacl sysvolreset getfacl /usr/local/samba/var/locks/sysvol/ getfacl: Removing leading '/' from absolute path names # file: usr/local/samba/var/locks/sysvol/ # owner: Administrator # group: wheel # flags: s-- user::rwx user:Administrator:rwx

Hai, the steps are (basily) good, only this one can be better.   >To solve, I executed the following commands: >Chown 10060: 30028 -R sysvol >Chmod 775 -R sysvol   If you use acl_xattr:ignore system acls = yes on the sysvol share, you must configur the share from withing windows.  (* or use smbcalcs , but i never used it. )   This is what i see:   ls -al  sysvol total 24 drwxrwx---+ 3

> Gesendet: Dienstag, 26. Mai 2015 um 13:31 Uhr > Von: "Rowland Penny" <rowlandpenny at googlemail.com> > An: "Stephan Mattecka" <ste-fun_s at gmx.de> > Cc: samba at lists.samba.org > Betreff: Re: Aw: Re: [Samba] [SAMBA] Problems with joining a second DC to AD > > On 26/05/15 10:42, Stephan Mattecka wrote: > > Gesendet: Donnerstag, 21. Mai

Hi Louis I have moved "empresa.com.br" folder to /root. After I run samba-tool ntacl sysvolreset, but some errors appear: samba-tool ntacl sysvolreset open: error=2 (No such file or directory) ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error') File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run

On 18/07/2019 14:11, Jonathan Hunter via samba wrote: > On Wed, 17 Jul 2019 at 17:58, Rowland penny via samba > <samba at lists.samba.org> wrote: >> On 17/07/2019 17:43, Kris Lou via samba wrote: >>> I had thought that the conventional wisdom was that ntacl sysvolreset >>> should be mostly avoided once relative stability achieved and additional >>>

Hi root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes ...some error information... Checked 3647 objects (2 errors) root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix Checking 3647 objects Checked 3647 objects (0 errors) root at dc1:~ # getfacl /usr/local/samba/var/locks/sysvol/ getfacl: Removing leading '/' from absolute path

I remain baffled as to why richard.h cannot access the sysvol share. Permissions all seem ok from what I can see and I'm not sure why this should be any different from normal AD share behaviour (our other shares are working fine for domain users) I would really appreciate it if someone could let me know whether the sysvol has become corrupt in some way and I am wasting my time even trying