diegogslomp / samba-ad-dc

🐳 Docker image of Samba domain controller compiled from source
https://hub.docker.com/r/diegogslomp/samba-ad-dc
GNU General Public License v3.0

issue permission with sysvol #26

Closed killmasta93 closed 1 month ago

killmasta93 commented 1 month ago

Hi, currently we seem to have an issue with the permissions of sysvol. We checked in the container and, for some odd reason, it shows this:

/usr/local/samba/var/locks#  getfacl sysvol/
# file: sysvol/
# owner: root
# group: 3000000
user::rwx
group::rwx
other::---

I believe it should show more info? I checked on a fresh install and found this:


# file: sysvol/
# owner: root
# group: 3000000
user::rwx
user:root:rwx
user:3000000:rwx
group::rwx
group:3000000:rwx
group:3000001:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:group::---
default:group:3000000:rwx
default:group:3000001:r-x
default:group:3000002:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::---

and on the host with the issue

 ls -lah Policies/
total 51K
drwxrwxr-x  5 root    3000000 5 Jul 23 16:28 .
drwxrwxr-x  4 root    3000000 4 Jun  5 15:44 ..
drwxrwx---+ 4 3000004 3000004 5 Jun  5 15:44 {31B2F340-016D-11D2-945F-00C04FB984F9}
drwxrwx---+ 4 3000004 3000004 5 Jun  5 15:44 {6AC1786C-016F-11D2-945F-00C04FB984F9}
drwxrwxr-x  2 3000004 3000004 2 Jun 12 15:55 {B68882D0-E312-4473-AD9C-F3D21030B2A8}
ls -lah
total 18K
drwxrwxr-x 4 root 3000000 4 Jun  5 15:44 .
drwxrwx--- 3 root 3000000 3 Jun  5 15:44 ..
drwxrwxr-x 5 root 3000000 5 Jul 23 16:28 Policies
drwxrwxr-x 2 root 3000000 2 Jun  5 15:43 scripts

Thank you

killmasta93 commented 1 month ago

Hi @diegogslomp, let me know what other ways I can troubleshoot the issue. Thank you :)

diegogslomp commented 1 month ago

Hello @killmasta93, sorry for the late answer

You can fix the file permissions from the host with something like setfacl -R -m d:g:3000001:rx /usr/local/samba/var/locks/sysvol

Any trouble let me know

killmasta93 commented 1 month ago

Hi @diegogslomp, thank you so much for the reply. Currently I ran the command, but now it shows like this:


getfacl sysvol/
# file: sysvol/
# owner: root
# group: 3000000
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:group:3000001:r-x
default:mask::rwx
default:other::---

After that I tried to run gpupdate; same issue, showing that it does not have permission.

diegogslomp commented 1 month ago

setfacl -R -m g:3000001:rx /usr/local/samba/var/locks/
setfacl -R -m d:g:3000001:rx /usr/local/samba/var/locks/

setfacl -R -m g:3000002:rwx /usr/local/samba/var/locks/
setfacl -R -m d:g:3000002:rwx /usr/local/samba/var/locks/

setfacl -R -m g:3000003:rx /usr/local/samba/var/locks/
setfacl -R -m d:g:3000003:rx /usr/local/samba/var/locks/

killmasta93 commented 1 month ago

That worked, amazing. Any ideas why, or what happened? How come it changed?

diegogslomp commented 1 month ago

Maybe in some image update, or if you copied from another place.

Or, since the official way to update domain controllers is demoting the old one and joining a new one with another name, maybe the file permissions from the old version were different from the new.

killmasta93 commented 1 month ago

Thank you so much
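
As an added example (not part of the original thread or the project's code), the fresh-install listing and the listing taken after the first setfacl attempt can be diffed to show which sysvol ACL entries are still absent. The function names are hypothetical; the ACL text is copied from the two getfacl listings quoted in the thread.

```shell
# Added example. ACL text is copied from the two getfacl listings in this thread.
fresh_acl() { cat <<'EOF'
user::rwx
user:root:rwx
user:3000000:rwx
group::rwx
group:3000000:rwx
group:3000001:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:group::---
default:group:3000000:rwx
default:group:3000001:r-x
default:group:3000002:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::---
EOF
}
after_first_fix_acl() { cat <<'EOF'
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:group:3000001:r-x
default:mask::rwx
default:other::---
EOF
}
# Print entries in ACL text $1 that are absent from ACL text $2 ("#" lines ignored).
acl_diff() {
    WANT="$1" HAVE="$2" awk 'BEGIN {
        n = split(ENVIRON["HAVE"], h, "\n")
        for (i = 1; i <= n; i++) { sub(/[ \t\r]+$/, "", h[i]); have[h[i]] = 1 }
        n = split(ENVIRON["WANT"], w, "\n")
        for (i = 1; i <= n; i++) {
            sub(/[ \t\r]+$/, "", w[i])
            if (w[i] != "" && w[i] !~ /^#/ && !(w[i] in have)) print w[i]
        }
    }'
}
echo "missing vs fresh install:"; acl_diff "$(fresh_acl)" "$(after_first_fix_acl)"
echo "not in fresh install:";     acl_diff "$(after_first_fix_acl)" "$(fresh_acl)"
```

Against a live directory, pass `"$(getfacl /usr/local/samba/var/locks/sysvol)"` as the second argument; the `# file:`, `# owner:` and `# group:` header lines are ignored.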