Good morning Carlos, ( at last morning for me. )
Im wondering why you only see UID's and not at least few groups in the
output.
Did you configure nssswitch.conf ?
Did you verify this :
Please check your share rights for sysvol from within windows.
If these are incorrect, correct them and run this script again.
Set your sysvol SHARE permissions as followed.
EVERYONE: READ
Authenticated Users: FULL CONTROL
(BUILTIN or NTDOM)\Administrators: FULL CONTROL
(BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
User/Group system is added compaired to a win2008R2 sysvol, you need
this for some GPO settings.
Set your sysvol FOLDER permissions as followed.
Authenticated Users: Read & Exec, Show folder content, Read
(BUILTIN or NTDOM)\Administrators: FULL CONTROL
(BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Carlos via samba
> Verzonden: vrijdag 21 mei 2021 20:29
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND
>
> Yes, in DC1 and DC2, sysvol is equal(i think)
>
> DC1 :
>
> getfacl
> /usr/local/samba/var/locks/sysvol/xxx.xxxx.com.br/Policies/\{D
> 79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC\}/GPT.INI
>
> getfacl: Removing leading '/' from absolute path names
> # file:
> usr/local/samba/var/locks/sysvol/xxx.xxx.com.br/Policies/{D79B
> 199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}/GPT.INI
> # owner: 3000008
> # group: 3000008
> user::rwx
> user:3000002:rwx
> user:3000006:rwx
> user:3000010:r-x
> user:3000018:r-x
> user:3000776:r-x
> group::rwx
> group:3000002:rwx
> group:3000006:rwx
> group:3000008:rwx
> group:3000010:r-x
> group:3000018:r-x
> group:3000776:r-x
> mask::rwx
> other::---
>
> samba-tool? gpo show {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
> GPO????????? : {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
> display name : GPO_XXX_XXX_128
> path???????? :
> \\xxx.xxx.com.br\SysVol\xxxx.xxxx.com.br\Policies\{D79B199C-B2
> CC-4A0C-A0AB-DBF6C8C9FBAC}
> dn?????????? :
> CN={D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC},CN=Policies,CN=Syste
> m,DC=xxxx,DC=xxxx,DC=com,DC=br
> version????? : 2359302
> flags??????? : NONE
> ACL????????? : <hidden>
>
> -------------------------
>
> DC2
>
> getfacl
> /usr/local/samba/var/locks/sysvol/xxx.xxx.com.br/Policies/\{D7
> 9B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC\}/GPT.INI
> getfacl: Removing leading '/' from absolute path names
> # file:
> usr/local/samba/var/locks/sysvol/xxx.xxxx.com.br/Policies/{D79
> B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}/GPT.INI
> # owner: 3000008
> # group: 3000008
> user::rwx
> user:3000002:rwx
> user:3000006:rwx
> user:3000010:r-x
> user:3000018:r-x
> user:3000776:r-x
> group::rwx
> group:3000002:rwx
> group:3000006:rwx
> group:3000008:rwx
> group:3000010:r-x
> group:3000018:r-x
> group:3000776:r-x
> mask::rwx
> other::---
>
>
> samba-tool? gpo show {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
> GPO????????? : {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
> display name : XXXX_XXXX_UNIDADE_128
> path???????? :
> \\xxxx.xxxx.com.br\SysVol\xxx.xxxx.com.br\Policies\{D79B199C-B
> 2CC-4A0C-A0AB-DBF6C8C9FBAC}
> dn?????????? :
> CN={D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC},CN=Policies,CN=Syste
> m,DC=grupo,DC=xxxx,DC=com,DC=br
> version????? : 2359302
> flags??????? : NONE
> ACL????????? : <hidden>
>
>
> ========================>
>
> regards
>
>
> Em 21/05/2021 14:58, Rowland penny via samba escreveu:
> > On 21/05/2021 18:44, Carlos via samba wrote:
> >> Hi,
> >>
> >> I tried sync idmap.ldb yesterday (but with command tdb
> backups .bak
> >> /usr/local/samba/private/idmap.ldb) ante copy dc1 to dc2,
> but error
> >> continued.
> >>
> >> I runed script:
> >
> >
> > GPO's are stored in two places, on disk in the sysvol
> directory and in
> > AD. The error 'NT_STATUS_OBJECT_NAME_NOT_FOUND' usually occurs
when
> > the GPO is in AD, but not in sysvol. Have you checked the GPO is
> > visible in sysvol ?
> >
> > Rowland
> >
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>