On Wed, 2012-10-24 at 10:49 +0100, Alex Matthews wrote: > Hi, > > I have installed a virtual testing network consisting of one samba4 PDC > (latest git master) and one Windows XP Pro SP3 (fully updated)machine. > > I have successfully provisioned an AD Domain and joined the XP machine > to it. > When I run the gpmc on the XP Pro machine and select: > Forest: <domain name> -> Domains -> <domain name> -> Group Policy > Objects -> Default Domain [Controller | Policy] > I get the following error: > > "The permissions for this GPO in the SYSVOL folder are inconsistent with > those in Active Directory. > It is recommended that these permissions be consistent. > To change the SYSVOL permissions to those in Active Directory, click OK." > > Hitting ok I get no error but as soon as I reselect THE SAME entry I get > the same error, it doesn't seem to be able to fix the ACL. > > I have found one post about this on the list > (https://bugzilla.samba.org/show_bug.cgi?id=5483)but apparently it was > "fixed" a long time ago. > Seeing as I'm using the latest version I would assume this is a > different issue. > > If I try to change any of the ACLs on either of the folders in > \\<pdc>\sysvol\<domain name>\Policies\ by hand I get no errors however > the change doesn't stick. > > > Looking at the samba log files: > > I get this when I start gpmc and click ok: > http://pastebin.com/7rBKyU1B > > I get this when I start gpmc and don't click ok: > http://pastebin.com/B3DMSE1T > > I get this when I alter the ACLs manually (after line 479 is when I > actually alter the ACLs): > http://pastebin.com/2mEvWX6K > > My smb.conf is stock. No alterations. > The server OS is Ubuntu 12.04. > The filesystem is ext4 mounted with the following options: > "errors=remount-ro,acl,user_xattr,barrier=1". > I have all acl packages installed that I have seen referenced by samba > or in posts of a similar nature.
If you are in the mood for some testing, can you try my acl-fixes2 branch? git remote add abartlet git://git.samba.org/abartlet/samba.git git fetch abartlet git checkout abartlet/acl-fixes2 -b abartlet-acl-fixes2 I'm trying to get these changes into master, but I'm not quite finished. You should only put these on a test server, as I may change data formats etc. I would be very curious to know if this fixes the issue. Otherwise or in addition, if you can show me the contents of your idmap.ldb (ldbsearch -H idmap.ldb) it might help me guess as what is going wrong here, and fix it. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
