Displaying 20 results from an estimated 30000 matches similar to: "GPO not applied, problem with SYSVOL ACL"
2013 Feb 21
1
Destroyed my samba4 domain
Hello,
I am using samba4 with zentyal distro.
I am trying to have user homes mounted as W: and I am trying to use GPO.
I have spurious permissions problems.
I have fixed most of them with "samba-tool ntacl sysvolreset"
But some users write files and cannot see them anymore to read.
The biggest problem is that I have created group policies with Microsoft tools
but they are not applied. I
2017 Dec 14
2
samba-tool ntacl sysvolcheck ERROR
GPOs are not synchronized, because I'm going to delete the zentyal domain,
how can I delete delete all GPOs from AD y sysvol? and start over
[root at srv-cds ~]# samba-tool gpo del {31B2F340-016D-11D2-945F-00C04FB984F9}
GPO {31B2F340-016D-11D2-945F-00C04FB984F9} is linked to containers
ERROR(ldb): Error removing GPO from container - LDAP error 50
LDAP_INSUFFICIENT_ACCESS_RIGHTS -
El
2020 May 19
1
Sysvol GPO ACLs problem (SOLVED)
Hi,
We have solved the problem and the command 'samba-tool ntacl sysvolreset' is working correctly again. We have been able to reset the SYSVOL permissions and the AD GPOs are working again.
The problem is that if we have the audit options active in the smb.conf, that command stops working. We don't know why. If we temporarily remove them if it works.
I know that we have an old
2017 Dec 14
1
samba-tool ntacl sysvolcheck ERROR
so how can I synchronize GPOs stored under the sysvol directory and
stored in AD.
El 12/14/2017 a las 12:59 PM, Rowland Penny via samba escribió:
> On Thu, 14 Dec 2017 12:25:29 -0500
> "Lic. Liusmer MartÃnez Q via samba" <samba at lists.samba.org> wrote:
>
>> GPOs are not synchronized, because I'm going to delete the zentyal
>> domain,
>>
>>
2019 Jul 31
1
GPO issues - getting SYSVOL cleaned up again
> Am 31.07.19 um 10:47 schrieb L.P.H. van Belle via samba:
>
> > I pointed to that link becuase of the last message.
> >>> The OU the users were in required read permissions on the
> Authenticated Users security group!
> > Im guyessing this is what your problem is, i just dont know
> where in your AD.
>
> OK, that might be the case.
>
> So
2013 Jan 10
1
ACL on GPO directory does not match expected value from GPO object. AGAIN.
Hi all,
Some (then all) of our workstations were complaining about incorrect
ACLs on GPOs and were unable to read the gpt.ini to apply the GPOs.
So I did a sysvolcheck and sure enough I'd lost the ACLs when I moved
our sysvol share to a new location on the server (whoops, mea culpa).
I ran a sysvolreset which took a long time to return (some 5 minutes,
please see my post on slow winbind
2013 Mar 29
1
GPO Computer settings not applied
Hello,
I'm having one strange issue with latest stable Samba 4.0.4. I'm testing it as a domain controller for two virtual machines.
The Samba AD DC is Debian stable, with two domain members - Windows XP Pro and trial Windows 8 Enterprise.
User configuration using GPOs is working as expected. However, Computer configuration is never applied properly. Event logs show this entry:
------
2020 May 12
1
Sysvol GPO ACLs problem
Hi,
Hello, I have been investigating and I am afraid that our case is the same as this one:
https://lists.samba.org/archive/samba/2017-September/210724.html
As you said, we have a problem with the gidNumber inherited from a migration from samba 3.x NT4 to samba 4.x AD. I have followed your prompts, removing the gidNumber from all AD 'BUILTIN' groups, in addition to the
2019 Aug 01
3
GPO issues - getting SYSVOL cleaned up again
Good morning Stefan.
Your welkom. I see everything worked out now. Great !!
Well done, you made it happen. :-)
What i suggest now, at least these are the steps i always do to make sure the DC's are having a exact same setup.
First, i clear all my logs and reboot one server.
Wait 15-30 min, then go through all you logs, fix every warning/error.
Make it perfect.
Reboot again, repeat
2019 Jun 21
0
GPO ACL
Hello,
I've en error again in the samba AD world.
I use RSAT with the DOMAIN\administrator account to make some GPOs.
Sometimes it doesn't work. So I have checked GPO ACL with 'gpo aclcheck'
command, and this is the return :
got OID=1.2.840.48018.1.2.2
ERROR: Invalid GPO ACL
2019 Jul 31
4
GPO issues - getting SYSVOL cleaned up again
Am 31.07.19 um 10:47 schrieb L.P.H. van Belle via samba:
> I pointed to that link becuase of the last message.
>>> The OU the users were in required read permissions on the Authenticated Users security group!
> Im guyessing this is what your problem is, i just dont know where in your AD.
OK, that might be the case.
So the step is "add/check ACLs on the SYSVOL-share for
2015 Dec 28
0
Wrong ACL on GPO
Hai Stefan,
If you look from within windows, are you sysvol rights ok?
If so, just ignore these message.
There think there is nothing wrong with your sysvol rights, old bug imo.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Stefan Kania
> Verzonden: maandag 28 december 2015 10:56
> Aan: samba at lists.samba.org
2015 Dec 28
0
Wrong ACL on GPO
Hi,
to chime in here, I had the same problem!
I added the `samba-tool ntacl sysvolcheck` to my rsync script which
fixed all issues for me.
Not sure if you got problems with the GPO besides the check, mine failed
and the computers didn't have access to them.
Thomas
On 28 Dec 2015, at 12:22, Rowland penny wrote:
> On 28/12/15 10:07, L.P.H. van Belle wrote:
>> Hai Stefan,
>>
2015 Oct 13
0
Sysvol acl check failed (solved)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 13.10.2015 um 11:20 schrieb Stefan Kania:
> Am 12.10.2015 um 18:47 schrieb James:
>> On 10/12/2015 12:20 PM, Stefan Kania wrote:
>>> Hello,
>>>
>>> when I check ACLs on my sysvol I got the following errors:
>>>
>>> root at DKHHDC1:~# samba-tool gpo aclcheck ERROR(<type
>>>
2018 Jul 28
2
GPO fail to apply for Computers
Dear all,
after migrating from Samba 4.6.15 to 4.8.3 (two fresh DCs) I see that
computers are no longer applying GPOs while it still works for Users.
GPResult states that GPOs are not applied due to missing access rights.
My smb.conf:
# Global parameters
[global]
netbios name = DC
realm = MY.DOMAIN.TLD
server role = active directory domain controller
server
2018 Apr 29
1
sysvol files - 'The data area passed to a system call is too small'
HI,
We have done something similar using inotify. On the DC1. we watch the
"/usr/local/samba/var/locks/sysvol" folder and if there is any change,
(add, modify or delete), we run "samba-tool ntacl sysvolreset" and we
push those changes to other DCs using rsync. We have created a shell
script that is put in rc.local so that this starts even if the server
reboots.
We chose
2015 Oct 12
0
Sysvol acl check failed
On 10/12/2015 12:20 PM, Stefan Kania wrote:
> Hello,
>
> when I check ACLs on my sysvol I got the following errors:
>
> root at DKHHDC1:~# samba-tool gpo aclcheck
> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
> element'
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 175, in _run
>
2016 Jun 05
1
"Samba cannot handle GPO restrictions"
> On 04 Jun 2016, at 22:14, Miguel Medalha <medalist at sapo.pt> wrote:
>
>
>> Can someone therefore please explain to me what exactly these GPO
>> restrictions are that Samba can't handle? I'd also appreciate if someone
>> could list which other GPO I cannot set successfully using RSAT.
>
> It seems to me that the FAQ is pretty clear. The
2015 Dec 28
3
Wrong ACL on GPO
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
I use Samba 4.3.3 and Rowland it dosn't metter if I build it by my
self or install tehe SerNet-Packages ;-)
Everytime I craete a new GPO or change something in an existing GPO,
the test with "samba-tool ntacl sysvolcheck" fails with the following
Error:
- ----------------
ERROR(<class
2015 Oct 13
2
Sysvol acl check failed
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 12.10.2015 um 18:47 schrieb James:
> On 10/12/2015 12:20 PM, Stefan Kania wrote:
>> Hello,
>>
>> when I check ACLs on my sysvol I got the following errors:
>>
>> root at DKHHDC1:~# samba-tool gpo aclcheck ERROR(<type
>> 'exceptions.KeyError'>): uncaught exception - 'No such element'