samba - Apr 2016 - Samba as AD-Controller: unable to update policies and call start scripts

Hi list!

I have an Ubuntu 14.04 Server with Samba 4.1.6 acting as Active Directory
controller.

I worked 'till today, now I tried to join a new PC to the domain and it does
not work...

Problems: start and shutdown scripts are NOT called at all, logon scripts are
called on the first PC, but not in the new one.
The new PC did not receive the policies and did not mount the shares.

gpupdate says that it was not possible to load the policies located at
\\cch.intra\SysVol\cch.intra\Policies\...

This is very strange, since the Server's name is DC1, not cch.intra
(cch.intra is the domain).

I tried to connect to \\cch.intra\SysVol, but of course this is not
reachable, but \\dc1\SysVol is reachable.

Has anyone an idea what can be the problem and (most important!) how can I
solve it?

Thanks a lot for your help!
Luca Bertoncello
(lucabert at lucabert.de)

On 07/04/16 20:45, Luca Bertoncello wrote:
> Hi list!
>
> I have an Ubuntu 14.04 Server with Samba 4.1.6 acting as Active Directory
> controller.
>
> I worked 'till today, now I tried to join a new PC to the domain and it
does
> not work...
>
> Problems: start and shutdown scripts are NOT called at all, logon scripts
are
> called on the first PC, but not in the new one.
> The new PC did not receive the policies and did not mount the shares.
>
> gpupdate says that it was not possible to load the policies located at
> \\cch.intra\SysVol\cch.intra\Policies\...
>
> This is very strange, since the Server's name is DC1, not cch.intra
> (cch.intra is the domain).
>
> I tried to connect to \\cch.intra\SysVol, but of course this is not
> reachable, but \\dc1\SysVol is reachable.
>
> Has anyone an idea what can be the problem and (most important!) how can I
> solve it?
>
> Thanks a lot for your help!
> Luca Bertoncello
> (lucabert at lucabert.de)
I think you will find this is the sharepath of the sysvol directory on 
the DC, i.e. on a self compiled Samba it will be:

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No

What I think you are un-aware of is, the sysvol dir is not synced 
between DCs, so your sysvol on your second DC may only contain the 
default GPOs, see here for more info:

https://wiki.samba.org/index.php/SysVol_replication_%28DFS-R%29

Rowland
>

Rowland penny <rpenny at samba.org> schrieb:
> I think you will find this is the sharepath of the sysvol directory on 
> the DC, i.e. on a self compiled Samba it will be:
> 
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
> 
> What I think you are un-aware of is, the sysvol dir is not synced 
> between DCs, so your sysvol on your second DC may only contain the 
> default GPOs, see here for more info:
I just have ONE DC...
Any other idea?

Maybe is it possible that my tries with Samba as AD (this is my first
installation of Samba 4 as AD controller) damages the AD-data?
How can I drop all and restart without reinstalling the Server?

Thanks
Luca Bertoncello
(lucabert at lucabert.de)