Hi,
A "little" correction. I said, if I stopped the DC1, then I could run the
gpupdate without any problem. It's wrong. If I stopped DC2, I could run
gpupdate without any problem, but if I stop DC1 gpupdate still fails.
So something is wrong with the DC2.
Adam
On 2014-05-16 16:08, Ádám Koleszár wrote:
> Hi,
>
> I am using samba 4.1.7 as Domain Controller. Actually I have two samba
> servers DC1 and DC2. DC1 is the primary DC and DC2 joined as another
> DC. We use the Active Directory for a couple of weeks. The directory
> replication works fine, and a sysvol replication works with rsync. (I
> set it up based on the samba wiki). But I have a problem with the
> authentication. If I log in to a windows machine (which is part of the
> domain) I can reach all GPO's folder (and files included) on the
> SYSVOL volume on DC1 but I can't reach on the DC2. The "authenticated
> users" have read rights on GPO's folders but I can read just on DC1.
> Then I stopped the DC1, restarted the windows and I could read the
> GPO's directory on DC2.
>
> It looks like if I log in to the Windows I've been added to the
> "authenticated users" group on just one of the domain controllers not
> all of them. And it generates error when I am running gpupdate. If the
> gpupdate tries to reach the GPO on different server than I logged in,
> I got access denied. It happens on Win8. Win7 works fine. Maybe Win7
> gets the GPO from the same DC every time and the Win8 selects
> randomly. I think when I log in to a Windows my user should be
> added to the "authenticated users" group on all domain controllers.
>
> I tried "samba-tool ntacl sysvolreset" multiple times, haven't solved
> the problem. The sysvol and every GPO folders' permissions are right,
> there is read permission for the "authenticated users" group.
>
> What could be the problem? Am I doing something wrong or it's a bug?
> Is anyone here facing this issue?
>
> By the way, how can I list the currently authenticated users on a
> samba server?
>
> Thank You,
> Adam