From: Andrew Bartlett <abart...@samba.org>
Date: Wed, 31 Oct 2012 00:40:02 +0100
Local: Tues, Oct 30 2012 7:40 pm
Subject: Re: [Samba] Unable to create GPO with rc3 and a few authentication problems
On Wed, 2012-10-31 at 03:33 +0400, Dmitry Khromov wrote:
Probably not for write operations.
> > I had encountered a few problems with 2 Samba 4 rc3 DCs serving a domain migrated from Windows 2003 R2. I post them all together, since they look related.
> > 1. Unable to create or delete GPOs.
> > I'm not sure if this is a schema or authentication problem. Could someone suggest how that should be investigated?
> It looks like in the default Windows schema only members of Domain Admins can modify cn=Policies. If one allows the "Domain controllers" group to have rw access too, the LDAP-related error disappears. However, a sysvol FS access error will arise (due to the fact that machine accounts do not have write permissions on sysvol/fqdn/Policies after samba-tool ntacl sysvolreset).