On 24/10/2012 12:09, Andrew Bartlett wrote:
On Wed, 2012-10-24 at 10:49 +0100, Alex Matthews wrote:
Hi,
I have installed a virtual testing network consisting of one samba4 PDC
(latest git master) and one Windows XP Pro SP3 (fully updated)machine.
I have successfully provisioned an AD Domain and joined the XP machine
to it.
When I run the gpmc on the XP Pro machine and select:
Forest: <domain name> -> Domains -> <domain name> -> Group Policy
Objects -> Default Domain [Controller | Policy]
I get the following error:
"The permissions for this GPO in the SYSVOL folder are inconsistent with
those in Active Directory.
It is recommended that these permissions be consistent.
To change the SYSVOL permissions to those in Active Directory, click OK."
Hitting ok I get no error but as soon as I reselect THE SAME entry I get
the same error, it doesn't seem to be able to fix the ACL.
I have found one post about this on the list
(https://bugzilla.samba.org/show_bug.cgi?id=5483)but apparently it was
"fixed" a long time ago.
Seeing as I'm using the latest version I would assume this is a
different issue.
If I try to change any of the ACLs on either of the folders in
\\<pdc>\sysvol\<domain name>\Policies\ by hand I get no errors however
the change doesn't stick.
Looking at the samba log files:
I get this when I start gpmc and click ok:
http://pastebin.com/7rBKyU1B
I get this when I start gpmc and don't click ok:
http://pastebin.com/B3DMSE1T
I get this when I alter the ACLs manually (after line 479 is when I
actually alter the ACLs):
http://pastebin.com/2mEvWX6K
My smb.conf is stock. No alterations.
The server OS is Ubuntu 12.04.
The filesystem is ext4 mounted with the following options:
"errors=remount-ro,acl,user_xattr,barrier=1".
I have all acl packages installed that I have seen referenced by samba
or in posts of a similar nature.
If you are in the mood for some testing, can you try my acl-fixes2
branch?
git remote add abartlet git://git.samba.org/abartlet/samba.git
git fetch abartlet
git checkout abartlet/acl-fixes2 -b abartlet-acl-fixes2
I'm trying to get these changes into master, but I'm not quite finished.
You should only put these on a test server, as I may change data formats
etc.
I would be very curious to know if this fixes the issue.
Otherwise or in addition, if you can show me the contents of your
idmap.ldb (ldbsearch -H idmap.ldb) it might help me guess as what is
going wrong here, and fix it.
Thanks,
Andrew Bartlett
I assume
git checkout abartlet/acl-fixes2 -b abartlet-acl-fixes2
should be:
git checkout abartlet/fix-acls2 -b abartlet-fix-acls2
I'm rebuilding now, will keep you posted!
Thanks,
Alex
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
