On 28/10/2022 12:49, Bering, Uwe via samba wrote:> Hi togehter,
>
> for each of our 20 schools we run a debian Server (bullseye) with Samba
4.16.5 as primary ad-dc.
No such thing as a 'primary' DC, there is the FSMO
'PDC_Emulator' role,
but this doesn't make it the primary DC.
There's no replication to another dc, there isn't another dc at all in
this network. It worked fine in all demands
I do hope that you are backing up the AD domain, because you have a
single point of failure there.
>
> Now I tried fort he first time to use the GPOs.
> The Installation of a central admx-store worked fine and also the first GPO
I applied to a client.
>
> After some experiments I just encountered an error when invoking gpupdate
on the client:
>
> = = = = = = = = = = = = > ?The processing of Group Policy failed.
Windows attempted to read the file
\\domain.local\sysvol\domain.local\Policies\{9CF5E225-C40D-452D-A5CE-0288D40407BA}\gpt.ini
from a domain controller and was not successful. Group Policy settings may not
be applied until this event is resolved.
> = = = = = = = = = = = =
I do hope that 'domain.local' is a placeholder for your actual dns
domain and that it doesn't end in '.local', if it does, turn of
Avahi
everywhere and do not connect from a Mac.
>
> From the client I can open
\\[server]\\sysvol\[domain]\Policies\[guid]\GPT.INI, I have even write access to
this location.
>
> Does anybody have an idea to solve this Problem?
>
> Viele Gr??e
> Uwe
>
Have you tried running 'samba-tool ntacl sysvolcheck' and if required
'samba-tool ntacl sysvolreset'
Rowland