HI!
Good morning Louis :-D
In Samba ADDC I did not configure (I understood that I didn?t need) the
nsswitch part, but I did it now in DC 1 and DC2, it seems to me that it
solved, even before the ids being the same in DC1 and DC2, now it
remains the same with names, but gpupdate no longer gave an error and
successfully loaded the police \ o /
But the samba-tool ntacl sysvolreset gave a different error, it was in a
loop with this message "idmap range not specified for domain
'*'", but
im smb.conf of an ADDC if the idmap is not configured as I remember, at
least I I never did it and I didn't even see it in the documentation.
Is something else wrong now?
Regards;
Em 25/05/2021 04:14, L.P.H. van Belle via samba
escreveu:> Good morning Carlos, ( at last morning for me. )
>
> Im wondering why you only see UID's and not at least few groups in the
output.
> Did you configure nssswitch.conf ?
>
>
> Did you verify this :
>
> Please check your share rights for sysvol from within windows.
> If these are incorrect, correct them and run this script again.
> Set your sysvol SHARE permissions as followed.
> EVERYONE: READ
> Authenticated Users: FULL CONTROL
> (BUILTIN or NTDOM)\Administrators: FULL CONTROL
> (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
> User/Group system is added compaired to a win2008R2 sysvol, you need
> this for some GPO settings.
>
> Set your sysvol FOLDER permissions as followed.
> Authenticated Users: Read & Exec, Show folder content, Read
> (BUILTIN or NTDOM)\Administrators: FULL CONTROL
> (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
>
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Carlos via samba
>> Verzonden: vrijdag 21 mei 2021 20:29
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND
>>
>> Yes, in DC1 and DC2, sysvol is equal(i think)
>>
>> DC1 :
>>
>> getfacl
>> /usr/local/samba/var/locks/sysvol/xxx.xxxx.com.br/Policies/\{D
>> 79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC\}/GPT.INI
>>
>> getfacl: Removing leading '/' from absolute path names
>> # file:
>> usr/local/samba/var/locks/sysvol/xxx.xxx.com.br/Policies/{D79B
>> 199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}/GPT.INI
>> # owner: 3000008
>> # group: 3000008
>> user::rwx
>> user:3000002:rwx
>> user:3000006:rwx
>> user:3000010:r-x
>> user:3000018:r-x
>> user:3000776:r-x
>> group::rwx
>> group:3000002:rwx
>> group:3000006:rwx
>> group:3000008:rwx
>> group:3000010:r-x
>> group:3000018:r-x
>> group:3000776:r-x
>> mask::rwx
>> other::---
>>
>> samba-tool? gpo show {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>> GPO????????? : {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>> display name : GPO_XXX_XXX_128
>> path???????? :
>> \\xxx.xxx.com.br\SysVol\xxxx.xxxx.com.br\Policies\{D79B199C-B2
>> CC-4A0C-A0AB-DBF6C8C9FBAC}
>> dn?????????? :
>> CN={D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC},CN=Policies,CN=Syste
>> m,DC=xxxx,DC=xxxx,DC=com,DC=br
>> version????? : 2359302
>> flags??????? : NONE
>> ACL????????? : <hidden>
>>
>> -------------------------
>>
>> DC2
>>
>> getfacl
>> /usr/local/samba/var/locks/sysvol/xxx.xxx.com.br/Policies/\{D7
>> 9B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC\}/GPT.INI
>> getfacl: Removing leading '/' from absolute path names
>> # file:
>> usr/local/samba/var/locks/sysvol/xxx.xxxx.com.br/Policies/{D79
>> B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}/GPT.INI
>> # owner: 3000008
>> # group: 3000008
>> user::rwx
>> user:3000002:rwx
>> user:3000006:rwx
>> user:3000010:r-x
>> user:3000018:r-x
>> user:3000776:r-x
>> group::rwx
>> group:3000002:rwx
>> group:3000006:rwx
>> group:3000008:rwx
>> group:3000010:r-x
>> group:3000018:r-x
>> group:3000776:r-x
>> mask::rwx
>> other::---
>>
>>
>> samba-tool? gpo show {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>> GPO????????? : {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>> display name : XXXX_XXXX_UNIDADE_128
>> path???????? :
>> \\xxxx.xxxx.com.br\SysVol\xxx.xxxx.com.br\Policies\{D79B199C-B
>> 2CC-4A0C-A0AB-DBF6C8C9FBAC}
>> dn?????????? :
>> CN={D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC},CN=Policies,CN=Syste
>> m,DC=grupo,DC=xxxx,DC=com,DC=br
>> version????? : 2359302
>> flags??????? : NONE
>> ACL????????? : <hidden>
>>
>>
>> ========================>>
>>
>> regards
>>
>>
>> Em 21/05/2021 14:58, Rowland penny via samba escreveu:
>>> On 21/05/2021 18:44, Carlos via samba wrote:
>>>> Hi,
>>>>
>>>> I tried sync idmap.ldb yesterday (but with command tdb
>> backups .bak
>>>> /usr/local/samba/private/idmap.ldb) ante copy dc1 to dc2,
>> but error
>>>> continued.
>>>>
>>>> I runed script:
>>>
>>> GPO's are stored in two places, on disk in the sysvol
>> directory and in
>>> AD. The error 'NT_STATUS_OBJECT_NAME_NOT_FOUND' usually
occurs when
>>> the GPO is in AD, but not in sysvol. Have you checked the GPO is
>>> visible in sysvol ?
>>>
>>> Rowland
>>>
>>>
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>