Bug 9207 - ACLs on GPO objects do not match Windows defaults
ACLs on GPO objects do not match Windows defaults
Status: NEEDINFO
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.0.0rc1
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on: 9342
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-24 22:46 UTC by Christian Ambach
Modified: 2012-12-04 11:11 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Ambach 2012-09-24 22:46:46 UTC
Currently, samba-tool ntacl sysvolreset sets the same SD for all objects in sysvol, regardless if it is a file or directory.

When looking at a Windows server, the file objects did not have OI/CI set (and this even does not make much sense to use), only the directories have inheritance flags set.

This gives trouble when trying to put sysvol on a GPFS share (with NFSv4 ACLs) as GPFS denies the ACL for a file if inheritance rules are set.
Comment 1 Karolin Seeger 2012-12-04 11:11:15 UTC
Can you please try to reproduce this one with Samba 4.0.0rc6?

Thanks!