Bug 9207 - ACLs on GPO objects do not match Windows defaults
Summary: ACLs on GPO objects do not match Windows defaults
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.15.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on: 9342
  Show dependency treegraph
Reported: 2012-09-24 22:46 UTC by Christian Ambach
Modified: 2021-12-07 16:25 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Christian Ambach 2012-09-24 22:46:46 UTC
Currently, samba-tool ntacl sysvolreset sets the same SD for all objects in sysvol, regardless if it is a file or directory.

When looking at a Windows server, the file objects did not have OI/CI set (and this even does not make much sense to use), only the directories have inheritance flags set.

This gives trouble when trying to put sysvol on a GPFS share (with NFSv4 ACLs) as GPFS denies the ACL for a file if inheritance rules are set.
Comment 1 Karolin Seeger 2012-12-04 11:11:15 UTC
Can you please try to reproduce this one with Samba 4.0.0rc6?