On Thu, 2012-10-25 at 10:01 +0100, Alex Matthews wrote: > On 25/10/2012 02:31, Andrew Bartlett wrote: > > On Wed, 2012-10-24 at 18:36 +0100, Alex Matthews wrote: > >> On 24/10/2012 17:25, Alex Matthews wrote: > >>> On 24/10/2012 12:09, Andrew Bartlett wrote: > >>>> On Wed, 2012-10-24 at 10:49 +0100, Alex Matthews wrote: > >>>>> Hi, > >>>>> > >>>>> I have installed a virtual testing network consisting of one samba4 PDC > >>>>> (latest git master) and one Windows XP Pro SP3 (fully updated)machine. > >>>>> > >>>>> I have successfully provisioned an AD Domain and joined the XP machine > >>>>> to it. > >>>>> When I run the gpmc on the XP Pro machine and select: > >>>>> Forest: <domain name> -> Domains -> <domain name> -> Group Policy > >>>>> Objects -> Default Domain [Controller | Policy] > >>>>> I get the following error: > >>>>> > >>>>> "The permissions for this GPO in the SYSVOL folder are inconsistent > >>>>> with > >>>>> those in Active Directory. > >>>>> It is recommended that these permissions be consistent. > >>>>> To change the SYSVOL permissions to those in Active Directory, click > >>>>> OK." > >>>>> > >>>>> Hitting ok I get no error but as soon as I reselect THE SAME entry I > >>>>> get > >>>>> the same error, it doesn't seem to be able to fix the ACL. > >>>>> > >>>>> I have found one post about this on the list > >>>>> (https://bugzilla.samba.org/show_bug.cgi?id=5483)but apparently it was > >>>>> "fixed" a long time ago. > >>>>> Seeing as I'm using the latest version I would assume this is a > >>>>> different issue. > >>>>> > >>>>> If I try to change any of the ACLs on either of the folders in > >>>>> \\<pdc>\sysvol\<domain name>\Policies\ by hand I get no errors however > >>>>> the change doesn't stick. > >>>>> > >>>>> > >>>>> Looking at the samba log files: > >>>>> > >>>>> I get this when I start gpmc and click ok: > >>>>> http://pastebin.com/7rBKyU1B > >>>>> > >>>>> I get this when I start gpmc and don't click ok: > >>>>> http://pastebin.com/B3DMSE1T > >>>>> > >>>>> I get this when I alter the ACLs manually (after line 479 is when I > >>>>> actually alter the ACLs): > >>>>> http://pastebin.com/2mEvWX6K > >>>>> > >>>>> My smb.conf is stock. No alterations. > >>>>> The server OS is Ubuntu 12.04. > >>>>> The filesystem is ext4 mounted with the following options: > >>>>> "errors=remount-ro,acl,user_xattr,barrier=1". > >>>>> I have all acl packages installed that I have seen referenced by samba > >>>>> or in posts of a similar nature. > >>>> If you are in the mood for some testing, can you try my acl-fixes2 > >>>> branch? > >>>> > >>>> git remote add abartlet git://git.samba.org/abartlet/samba.git > >>>> git fetch abartlet > >>>> git checkout abartlet/acl-fixes2 -b abartlet-acl-fixes2 > >>>> > >>>> I'm trying to get these changes into master, but I'm not quite finished. > >>>> You should only put these on a test server, as I may change data formats > >>>> etc. > >>>> > >>>> I would be very curious to know if this fixes the issue. > >>>> > >>>> Otherwise or in addition, if you can show me the contents of your > >>>> idmap.ldb (ldbsearch -H idmap.ldb) it might help me guess as what is > >>>> going wrong here, and fix it. > >>>> > >>>> Thanks, > >>>> > >>>> Andrew Bartlett > >>>> > >>> I assume > >>> > >>> git checkout abartlet/acl-fixes2 -b abartlet-acl-fixes2 > >>> > >>> should be: > >>> > >>> git checkout abartlet/fix-acls2 -b abartlet-fix-acls2 > >>> > >>> I'm rebuilding now, will keep you posted! > >>> > >>> Thanks, > >>> > >>> Alex > >>> > >> I have tried your branch. Rebuilt and the XP machine still throws the > >> same issue. > >> > >> Do I need to reprovision? > > You need to at least run 'samba-tool ntacl sysvolreset' to get the new > > ACLs on disk. > > > > Andrew Bartlett > > > Hiya, > > No luck I'm afraid, still the same issue!
Drat. OK, we will need to dig in further. Can you show me your idmap.ldb? What does 'samba-tool ntacl sysvolcheck' show? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
