From 9eb022c8c65663425e60a10a12c2ec52c3017a59 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 16 Oct 2012 13:08:22 +1100
Subject: provision: No longer use the wheel group in new AD Domains

The issue here is that if we set S-1-5-32-544 (administrators) to a GID only, then users cannot force a mandetory profile to be owned by administrators (which is a requirement). There is no particularly useful reason for us to enforce this matching a system group.

Andrew Bartlett
---
 source4/scripting/python/samba/upgrade.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source4/scripting/python/samba/upgrade.py')
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 194983c02a..786bb6518e 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -908,7 +908,7 @@ Please fix this account before attempting to upgrade again
 if result.server_role == "active directory domain controller":
 setsysvolacl(result.samdb, result.paths.netlogon, result.paths.sysvol,
- result.paths.root_uid, result.paths.wheel_gid,
+ result.paths.root_uid, result.paths.root_gid,
 security.dom_sid(result.domainsid), result.names.dnsdomain,
 result.names.domaindn, result.lp, use_ntvfs)
-- 
cgit
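Review bot: The call to `setsysvolacl` now reads `result.paths.root_gid`, but nothing in this hunk shows that attribute being set on the paths object that `result` carries, and the commit touches only upgrade.py. If the provision code does not populate `root_gid` alongside `root_uid`, this branch would presumably raise AttributeError on the domain-controller path, at the point where the sysvol and netlogon ACLs are applied. It is also worth recording above the call why the group is no longer wheel, e.g. `# group-own sysvol with root's gid: S-1-5-32-544 must not map to a GID only, or mandatory profiles cannot be owned by Administrators`. The enclosing function starts and ends outside the hunk.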