Displaying 20 results from an estimated 10000 matches similar to: "ERROR in samba-tool ntacls get"
2016 May 17
3
Error with "samba-tool ntacl get --as-sddl"
On two Samba 4.4.2/4.4.3 member servers, "samba-tool ntacl get
--as-sddl" gives the following error:
ERROR: Unable to read domain SID from configuration files
Which configuration files is it referring to?
Without "--as-sddl" the command gives a correct output.
It would be nice to get the permissions in sddl format...
The same command works as expected on two AD DCs.
2014 Nov 07
1
sysvolcheck
I get this error when I run samba-tool ntacl sysvolcheck
ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
There are two GPO directories.
One is the Default Domain Controllers Policy
and one is the Default Domain Policy
It looks like it's the Default Domain Policy that's
2011 Feb 03
1
POSIX ACLs vs. EA security.NTACLs
This might be more inclusive if I said, Linux Permissions vs POSIX ACLs
vs vfs_xattr.
I have recently begun to discover the power and flexibility of using
POSIX ACLs (by mounting my EXT3/4 filesystems with the acl option). This
solved a lot of security permissions issues between Samba and Linux
groups of users. As I have delved into this deeper and begun using the
VFS object, vfs_xattr, things
2013 Sep 26
3
Samba4: where are ACLs stored?
Hi,
most file access rights sync between ACLs of linux and the security tab
of windows file properties, but not all. Where are the other infos stored?
I tried in linux 'getfattr -d' and 'samba-tool ntacl get', but neither
output changed when using windows to add individual right for a user
that already has rights inherited from the parent directory. Windows
remembers every
2017 Sep 29
3
user cannot access shares on new ad-dc
> On 29.09.2017 11:44 Rowland Penny wrote:
> Have you set up the libnss_winbind links, PAM and /etc/nsswitch.conf ?
Yes, I had modified two lines in /etc/nsswitch.conf:
passwd: files winbind
group: files winbind
No, I had not seen a pointer to libnss, but now did
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/i386-linux-gnu/
ln -s
2020 Oct 28
1
GPO fail and sysvol perm errors
For completeness:
The existing GPO:
# samba-tool ntacl get --as-sddl \{07AF723D-5FFD-4807-B3C6-DFCE911B922A\}/
O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
The newly created GPO:
# samba-tool ntacl get --as-sddl \{0C0B713E-EE65-4ACE-88AE-25125E2AAE00\}/
2016 May 18
1
Error with "samba-tool ntacl get --as-sddl"
> Hi, this is because when you use '--as-sddl', the python code does this:
>
>     if as_sddl:
>         try:
>             domain_sid = security.dom_sid(samdb.domain_sid)
>         except:
>             raise CommandError("Unable to read domain SID from configuration files")
>
2019 Aug 27
3
Permissions at the top of a Samba share
On 2019-08-26 at 16:35, Rowland penny via samba wrote:
> On 26/08/2019 15:20, Peter Rindfuss via samba wrote:
>> Hi,
>>
>> I have a question regarding permissions at the top of a share as seen
>> from a Windows 10 client.
>>
>> We are using Samba 4.10.6-Debian (van Belle) on Debian 10 (Buster) with
>> one AD controller and one file server.
>>
2023 Nov 29
1
Setting up Profiles share... 777?!
Hello! Rowland Penny via samba
On that day was said...
>> acl_xattr:default acl style = windows
>> acl_xattr:ignore system acls = yes
> Why have you added those two last lines ?
Ahem, really you need an answer?! ;-)
I don't remember... ;-(((
>> What am I missing?! Thanks.
> Well, because you have added this line:
> acl_xattr:ignore system
2020 Oct 28
2
GPO fail and sysvol perm errors
>
> However the acls via getfacl for the two GPO's are identical.
You're sure?
> I don't know if that will be problematic down the road or not.
No, that's fine.
But run on the 2 folders:
samba-tool ntacl get --as-sddl FOLDERHERE
Compare the 2 outputs.
There must be a difference.
Well, at least it works now for you..
Greetz,
Louis
2023 Apr 02
2
Inconsistent SYSVOL ACLs
First of all thank you all for the answers and for trying to help me.
I agree with you Michael regarding the parameters passed in the ./configure
command, the location is not part of the problem.
The file system used is XFS, and the strace command logs are in the
attached link
https://drive.google.com/file/d/1R_b6TzeJVmNIpnlkPfRk0CtkpeU4dgcg/view?usp=share_link
Rowland, the result of the
2014 Jul 15
3
chown destroys ACLs
Hi,
Is it normal that "chown $user $file" and "chown :$group $file" destroy
the Windows-ACLs?
Is it normal that changing the file owner in Windows does not change the
file owner in Linux, but changing the file owner in Linux does change
the file owner in Windows?
This should be mentioned in
>
2014 Mar 12
4
Wiki should have Readme First
Many first time users of Samba-4 seem to struggle with the same issues.
I suggest the Wiki should have a Readme First similar to this:
http://www.klaus-hartnegg.de/gpo/14-03-12-samba4.html
It basically says that Samba 4 can behave either like Samba 3, or as
AD-DC, in which case it should do nothing else. Then it lists the main
differences, limitations, and requirements.
I would love to see a
2023 Apr 02
1
Inconsistent SYSVOL ACLs
On 02/04/2023 09:21, Michael Tokarev via samba wrote:
> None of the 3 should be a problem. Especially the ones which
> are already set by default. --enable-fhs uses slightly different
> layout within $prefix, that's all. The build-time configuration
> looks entirely okay.
You may be correct Michael, but I still wouldn't use '--enable-fhs' by
itself.
>
>
2014 Dec 01
2
protocol SMB2 prevents start of program?
On 11/28/2014 9:23 AM, Klaus Hartnegg wrote:
>
> Is there anything else that I could try,
> or do I just have to stay on protocol NT1
> as long as we still use this old software?
>
> Klaus
Try in [global]
acl allow execute always=true
--
Regards
--------------------------------------
Gerald Drouillard
Technology Architect
Drouillard & Associates, Inc.
2023 Mar 28
1
windows acls
On 28/03/2023 19:47, Peter Carlson via samba wrote:
>
> On 3/28/23 11:22, Rowland Penny via samba wrote:
>>
>>
>> On 28/03/2023 18:43, Peter Carlson via samba wrote:
>>> bumping the log to 5, there are a few more lines right before
>>> NT_STATUS_ACCESS_DENIED, could the EA error be a clue?
>>
>> I do not think so, that is what you are trying
2015 May 13
2
Posix vs. Windows File/Directory Permissions
On Wed, May 13, 2015 at 1:20 PM, Klaus Hartnegg <hartnegg at uni-freiburg.de>
wrote:
> On 13.05.2015 at 17:30, Sébastien Le Ray wrote:
>
>> No they aren't
>>>
>>
>> Yes they are
>>
>
> Not sure about this, but mostly irrelevant anyway, because of this effect
> in the other direction:
>
> If you have set Windows ACLs, and then change
2014 Sep 04
3
valid users fails with net groupmap rid=512
Hi,
The group that is mapped to rid=512 cannot be used in "valid users", the
users cannot map the share (error 5).
Is this normal? Should I file a bug?
Version 4.1.6-Ubuntu
server role = classic primary domain controller
smb.conf:
valid users = +smbadmin
command:
net groupmap add ntgroup="Domain Admins" unixgroup=smbadmin rid=512 type=d
As soon as I remove the group
2020 Oct 25
3
GPO fail and sysvol perm errors
On 25/10/2020 20:37, Sonic wrote:
> The reset allowed the current GPO to take effect, but right after
> adding a new GPO (just named it, no editing, or linking) the
> sysvolcheck fails:
> # samba-tool ntacl sysvolcheck
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception
> - ProvisioningError: DB ACL on GPO directory
>
2023 Nov 28
1
Setting up Profiles share... 777?!
On Tue, 28 Nov 2023 16:00:22 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> In a fresh samba AD domain I'm setting up the 'Profiles' share for
> roaming profiles, following the wiki:
>
> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
>