Re: Samba 4.2.10+dfsg-0+deb8u3 and group specific policies
On Thu, 16 Jun 2016 13:31:07 +0000 (UTC), Virgo Pärna <virgo.parna@mail.ee> wrote:
>
> Or maybe I'm wrong about it been about group specific policies.
> Because when I removed permission for that group, then it fails with
> another policy - and then it fails with another policy.
> But strange thing is, that while Windows Vista reports error,
> Windows 10 succeeds.
>
Seems that the problem is with entire sysvol share.
I used psexec -s -i cmd.exe to run cmd.exe as SYSTEM user in Windows
computers.
Windows 10 can access \\domain\sysvol and \\dc\sysvol just fine.
Windows XP (cannot try in Windows Vista currently) cannot access
\\domain\sysvol nor \\dc\sysvol (but they can access other normal
shares). Also, user logged in to system can access shares normaly. Only
system has the issue.
When XP accesses sysvol, then samba log is (end of it):
[2016/06/17 14:19:48.160146, 3]
../source3/lib/access.c:338(allow_access)
Allowed connection from 10.10.10.36 (10.10.10.36)
But with Windows 10 it is:
[2016/06/17 14:20:38.916353, 3]
../source3/lib/access.c:338(allow_access)
Allowed connection from 10.10.10.46 (10.10.10.46)
[2016/06/17 14:20:38.919349, 2]
../lib/util/modules.c:196(do_smb_load_module)
Module 'acl_xattr' loaded
[2016/06/17 14:20:38.922148, 2]
../lib/util/modules.c:196(do_smb_load_module)
Module 'dfs_samba4' loaded
[2016/06/17 14:20:38.922200, 2]
../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
--
Virgo Pärna
virgo.parna@mail.ee
Reply to: