search for: mercurio2

Hi, We have 3 samba 4.9.13 AD DC servers (mercurio1, mercurio2, mercurio7), replicating without error. When we add a W2008R2 as additional DC (mercurio3) replication works fine until 24h pass and it fails. On the samba4 DCs side, the command samba-tool drs showrepl shows no error. On the W2008R2 side the command repadmin /showrepl shows inbound replicati...

...o create a new AD GPO, it fails with the message (sorry, we have windows in Spanish, it's not literal translation): "this security identifier cannot be assigned as object owner". If we execute in the linux DC a sysvol check (samba-tool ntacl sysvolcheck), we get this error: [root at mercurio2 ~]# samba-tool ntacl sysvolcheck WARNING: The "server schannel" option is deprecated ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /usr/local/samba/var/locks/sysvol/eadom.ea/Policies/{9F3EF1BC-6E68-46C4-B6...

...3.x NT4 to samba 4.x AD. I have followed your prompts, removing the gidNumber from all AD 'BUILTIN' groups, in addition to the 'Administrators' group, with the sole exception of the 'Domain Users' group. Doing so already works the wbinfo command for those groups: [root at mercurio2]# wbinfo --sid-to-uid=S-1-5-32-549 3001417 And also the sysvol permission correction script (samba-check-set-sysvol.sh), but we still can't create or edit GPOs. And if we open the SYSVOL shared folder properties from a windows computer, with the 'Computer Management' MMC, in the Secu...

...> followed your prompts, removing the gidNumber from all AD > 'BUILTIN' groups, in addition to the 'Administrators' group, > with the sole exception of the 'Domain Users' group. Doing so > already works the wbinfo command for those groups: > > [root at mercurio2]# wbinfo --sid-to-uid=S-1-5-32-549 > 3001417 > > And also the sysvol permission correction script > (samba-check-set-sysvol.sh), but we still can't create or > edit GPOs. And if we open the SYSVOL shared folder properties > from a windows computer, with the 'Computer...