
[Samba] sysvol permissions


mourik jan heupink

Sep 17, 2015, 5:40:05 AM
Hi,

We're running samba 4.1.17-SerNet-Debian-10.wheezy, AD mode, and we seem
to have permission problems on our sysvol:

> root@DC2:/var/lib/samba# samba-tool ntacl sysvolcheck
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samba.domain.com/Policies/{A577A789-8C39-447A-8555-42B247B9943C} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
> lp)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1726, in checksysvolacl
> direct_db_access)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl
> domainsid, direct_db_access)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1624, in check_dir_acl
> raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))

Running
> root@DC2:/var/lib/samba# samba-tool ntacl sysvolreset
finishes without any output, so I'm guessing that means: success.... but
afterwards sysvolcheck still reports the same error.

Is this some bug in 4.1.17..? We could of course try upgrading...?

MJ

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

L.P.H. van Belle

Sep 17, 2015, 5:50:03 AM
Hai Mourik Jan,


Try with :
samba-tool ntacl sysvolcheck -U Administrator
samba-tool gpo aclcheck -U Administrator

Set : acl_xattr:ignore system acls = yes
On sysvol and netlogon share since only windows computers use these.
It gives better NT ACL compatibility.

and if your Group Policies work, ignore these errors.


Greetz,

Louis




mourik jan heupink

Sep 17, 2015, 5:50:04 AM
A bit more info:

the 'problem' policy in question:
> /var/lib/samba/sysvol/samba.domain.com/Policies/{A577A789-8C39-447A-8555-42B247B9943C}

is basically just empty directories, and one file GPT.INI containing
just this:

> [General]
> Version=0
> displayName=New Group Policy Object

Would it be safe to simply delete the whole
{A577A789-8C39-447A-8555-42B247B9943C} directory..? (or would that mess
up things..?)

MJ

L.P.H. van Belle

Sep 17, 2015, 6:00:05 AM
If the folders are empty, just delete them.
I do check that also now and then, I noticed the same,
and I deleted them also.

Greetz,

Louis



mourik jan heupink

Sep 17, 2015, 6:10:04 AM
Hi Louis,

Alas...
> samba-tool ntacl sysvolcheck -U Administrator
same result :-(

and also
> acl_xattr:ignore system acls = yes
in smb.conf for both sysvol and netlogon makes no difference...

Then I deleted the empty folder...and to my horror, we now get:

> ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such file or directory')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
> lp)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1726, in checksysvolacl
> direct_db_access)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl
> domainsid, direct_db_access)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1621, in check_dir_acl
> fsacl = getntacl(lp, path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 73, in getntacl
> xattr.XATTR_NTACL_NAME)

No such file or directory!!

Then I quickly moved back the deleted folder, and we're STILL getting the
above error...!!

What now..? Suggestions?

Rowland Penny

Sep 17, 2015, 6:20:04 AM
Hi, if you look carefully at the differences, it is only this:
Got: O:LAG:DAD:P
Wanted: O:DAG:DAD:P

Or to break it down even further, it is owned by (O:LA) Local
Administrators and should be owned by (O:DA) Domain Administrators.
Personally I don't think it matters; is there anything that doesn't work?

Rowland
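As an added illustration of the point above (this is not code from the thread or from Samba): a small Python parser that splits the two SDDL strings from the sysvolcheck error into owner, group, DACL flags and ACEs and reports only the fields that differ. The "got" string is copied from the error message; the expected value is the same text with owner DA instead of LA, and the alias names are the standard SDDL well-known SID abbreviations.

```python
import re

# The two SDDL strings from the sysvolcheck error above: what the directory
# carries versus what samba-tool expects from the GPO object.
GOT = ("O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)"
       "(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)"
       "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)")
WANT = "O:DA" + GOT[4:]   # the expected value: same text, owner DA instead of LA

# Standard SDDL well-known SID abbreviations that occur in these strings.
SID_ALIAS = {
    "LA": "local Administrator account", "DA": "Domain Admins",
    "EA": "Enterprise Admins", "CO": "Creator Owner", "SY": "Local System",
    "AU": "Authenticated Users", "ED": "Enterprise Domain Controllers",
}

def parse_sddl(sddl):
    """Split an SDDL string into owner, group, DACL flags and the ACE list.
    Section markers are O:, G:, D:, S:; SIDs and ACE bodies never contain ':'."""
    marks = [(m.start(), m.group(1)) for m in re.finditer(r"([OGDS]):", sddl)]
    sections = {}
    for i, (pos, key) in enumerate(marks):
        end = marks[i + 1][0] if i + 1 < len(marks) else len(sddl)
        sections[key] = sddl[pos + 2:end]
    dacl = sections.get("D", "")
    return {
        "owner": sections.get("O"),
        "group": sections.get("G"),
        "dacl_flags": dacl.split("(", 1)[0],  # "P" = protected (no inheritance)
        # Each ACE: type;flags;rights;object_guid;inherit_guid;trustee
        "aces": [tuple(a.split(";")) for a in re.findall(r"\(([^)]*)\)", dacl)],
    }

def diff_sddl(got, want):
    """Return [(field, got, want)] for each field that differs. ACEs are
    compared as an ordered list, as a plain string comparison would."""
    a, b = parse_sddl(got), parse_sddl(want)
    return [(f, a[f], b[f]) for f in ("owner", "group", "dacl_flags", "aces")
            if a[f] != b[f]]

def explain(diffs):
    """Spell out well-known alias names; ACE tuples are passed through as-is."""
    def name(v):
        return "%s (%s)" % (v, SID_ALIAS[v]) if isinstance(v, str) and v in SID_ALIAS else str(v)
    return ["%s: got %s, expected %s" % (f, name(g), name(w)) for f, g, w in diffs]

if __name__ == "__main__":
    for line in explain(diff_sddl(GOT, WANT)):
        print(line)  # owner: got LA (local Administrator account), expected DA (Domain Admins)
```

Feeding it the two SDDLs from any later sysvolcheck error shows at a glance whether only the owner differs, as here, or whether an ACE was actually lost.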

L.P.H. van Belle

Sep 17, 2015, 7:00:04 AM
Mourik-Jan,

Look, this is what I get. (SerNet samba 4.2.4)

samba-tool ntacl sysvolcheck -U Administrator ( kinit Administrator first )
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /home/samba/sysvol/rotterdam.bazuin.nl/Policies/{EAF212FE-4718-4693-BD18-6B4FC8A0513A} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
lp)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1730, in checksysvolacl
direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1681, in check_gpos_acl
domainsid, direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1628, in check_dir_acl
raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))

I do have the line:
acl_xattr:ignore system acls = yes
Also, this is only used for Windows PCs.
I'm ignoring the above errors also.


Domain Admins are members of Local Admins.
Check your Windows PCs' event logs for GPO errors. If you don't have any,
you're OK, and if you do, post the errors and we'll have a look at it.

I have everything in GPOs and it's all working OK, even with the above errors.
Policies, printer distributions etc., also logon. If the share rights and security rights in Windows are OK, you're fine.


Greetz,

Louis


mourik jan heupink

Sep 17, 2015, 7:00:04 AM
Hi Rowland and Louis, list,

I now (after deleting and restoring the problem GPO directory) seem to
have a more serious error on that DC:

> root@DC2:~# samba-tool ntacl sysvolcheck
> ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
> lp)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1726, in checksysvolacl
> direct_db_access)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl
> domainsid, direct_db_access)
> File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1621, in check_dir_acl
> fsacl = getntacl(lp, path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 73, in getntacl
> xattr.XATTR_NTACL_NAME)
> root@DC2:~#

Has anyone seen this?

It seems most (or perhaps all) of my GPO's are still working. (one is
not working, and that is why I started looking at this in the first place)

MJ

L.P.H. van Belle

Sep 17, 2015, 7:10:04 AM
You have 2 DCs, I see.

How do you sync your sysvol?




mourik jan heupink

Sep 17, 2015, 7:20:03 AM
Hi,

We have three DCs, and yes, we rsync both dc3 and dc4 from dc2.

And since deleting the empty dir, we're getting the same "uncaught
exception - (61, 'No data available')" error.

MJ

L.P.H. van Belle

Sep 17, 2015, 7:20:04 AM
And Rowland,

A "maybe" good addition to your modified backup script.

Adding something like:
getfacl -R /path2/sysvol > sysvol.permissions.acl

(and a restore option)
setfacl --restore=sysvol.permissions.acl

Greetz,

Louis



mourik jan heupink

Sep 17, 2015, 7:30:03 AM
Hi

> And since deleting the empty dir, we're getting the same "uncaught
> exception - (61, 'No data available')" error.
Solved this by running the sysvolreset again. Now sysvolcheck reports
the same error. (and I learned from Louis/Rowland not to worry too much
about those)

It seems strange that sysvolreset sets certain ACLs, and sysvolcheck
checks for different ACLs...

Thanks for the feedback!

mourik jan heupink

Sep 17, 2015, 7:40:03 AM


On 09/17/2015 12:09 PM, Rowland Penny wrote:
>
> Or to break it down even further, it is owned by (O:LA) Local
> Administrators and should be owned by (O:DA) Domain Administrators,
> personally I don't think it matters, is there anything that doesn't work?

Looking at my GPOs from a Windows 2008 server, I see the following
error on 'administrative templates', and I'm just wondering: are you all
also seeing this?

The following errors were encountered:
Expected one of the following possible element(s), <text>,
<decimalTextBox>, <textBox>, <checkBox>, <comboBox>, <dropdownList>,
<listBox>, but found <multiTextBox> instead. File
C:\Windows\PolicyDefinitions\en-US\inetres.adml, line 4276, column 59
Encountered an unknown error while parsing (error = 0x87400001):
-2025848831 (0x87400001) File C:\Windows\PolicyDefinitions\inetres.admx,
line 10, column 41

(this error can be observed in the reports generated in Group Policy
Management by right-clicking a policy and choosing 'save report')

Just curious.

MJ

L.P.H. van Belle

Sep 17, 2015, 7:50:04 AM
Do you use a "Central Policy Store" on sysvol?
That one is newer than the one on your PC.

You will also see this if you updated from Windows 7 to/with Windows 10 policies in your central store.

Update the local store and check again.

Have a look here also:
http://trekker.net/archives/group-policy-downloads/
I think you are missing the IE11 template on your PC.

And good to know:
https://support.microsoft.com/en-us/kb/3087759

if you see other policies with errors.

Greetz,

Louis



mourik jan heupink

Sep 17, 2015, 8:10:04 AM
That is SO interesting... and I did not know that.

Thanks Louis!


Rowland Penny

Sep 17, 2015, 8:20:03 AM
Will look into that Louis, bit busy at the moment, trying to put my laptop
back together again :-D

Rowland