similar to: GPO not applied, problem with SYSVOL ACL

Hello, I am using samba4 with zentyal distro. I am trying to have user homes mounted as W: and I am trying to use GPO. I have spurious permissions problems. I have fixed most of them with "samba-tool ntacl sysvolreset" But some users write files and cannot see them anymore to read. The biggest problem is that I have created group policies with Microsoft tools but they are not applied. I

GPOs are not synchronized, because I'm going to delete the zentyal domain, how can I delete delete all GPOs from AD y sysvol? and start over [root at srv-cds ~]# samba-tool gpo del {31B2F340-016D-11D2-945F-00C04FB984F9} GPO {31B2F340-016D-11D2-945F-00C04FB984F9} is linked to containers ERROR(ldb): Error removing GPO from container - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - El

Hi, We have solved the problem and the command 'samba-tool ntacl sysvolreset' is working correctly again. We have been able to reset the SYSVOL permissions and the AD GPOs are working again. The problem is that if we have the audit options active in the smb.conf, that command stops working. We don't know why. If we temporarily remove them if it works. I know that we have an old

so how can I synchronize GPOs stored under the sysvol directory and stored in AD. El 12/14/2017 a las 12:59 PM, Rowland Penny via samba escribió: > On Thu, 14 Dec 2017 12:25:29 -0500 > "Lic. Liusmer Martínez Q via samba" <samba at lists.samba.org> wrote: > >> GPOs are not synchronized, because I'm going to delete the zentyal >> domain, >> >>

> Am 31.07.19 um 10:47 schrieb L.P.H. van Belle via samba: > > > I pointed to that link becuase of the last message. > >>> The OU the users were in required read permissions on the > Authenticated Users security group! > > Im guyessing this is what your problem is, i just dont know > where in your AD. > > OK, that might be the case. > > So

Hi all, Some (then all) of our workstations were complaining about incorrect ACLs on GPOs and were unable to read the gpt.ini to apply the GPOs. So I did a sysvolcheck and sure enough I'd lost the ACLs when I moved our sysvol share to a new location on the server (whoops, mea culpa). I ran a sysvolreset which took a long time to return (some 5 minutes, please see my post on slow winbind

Hello, I'm having one strange issue with latest stable Samba 4.0.4. I'm testing it as a domain controller for two virtual machines. The Samba AD DC is Debian stable, with two domain members - Windows XP Pro and trial Windows 8 Enterprise. User configuration using GPOs is working as expected. However, Computer configuration is never applied properly. Event logs show this entry: ------

Hi, Hello, I have been investigating and I am afraid that our case is the same as this one: https://lists.samba.org/archive/samba/2017-September/210724.html As you said, we have a problem with the gidNumber inherited from a migration from samba 3.x NT4 to samba 4.x AD. I have followed your prompts, removing the gidNumber from all AD 'BUILTIN' groups, in addition to the

Good morning Stefan. Your welkom. I see everything worked out now. Great !! Well done, you made it happen. :-) What i suggest now, at least these are the steps i always do to make sure the DC's are having a exact same setup. First, i clear all my logs and reboot one server. Wait 15-30 min, then go through all you logs, fix every warning/error. Make it perfect. Reboot again, repeat

Hello, I've en error again in the samba AD world. I use RSAT with the DOMAIN\administrator account to make some GPOs. Sometimes it doesn't work. So I have checked GPO ACL with 'gpo aclcheck' command, and this is the return : got OID=1.2.840.48018.1.2.2 ERROR: Invalid GPO ACL

Am 31.07.19 um 10:47 schrieb L.P.H. van Belle via samba: > I pointed to that link becuase of the last message. >>> The OU the users were in required read permissions on the Authenticated Users security group! > Im guyessing this is what your problem is, i just dont know where in your AD. OK, that might be the case. So the step is "add/check ACLs on the SYSVOL-share for

Hai Stefan, If you look from within windows, are you sysvol rights ok? If so, just ignore these message. There think there is nothing wrong with your sysvol rights, old bug imo. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Stefan Kania > Verzonden: maandag 28 december 2015 10:56 > Aan: samba at lists.samba.org

Hi, to chime in here, I had the same problem! I added the `samba-tool ntacl sysvolcheck` to my rsync script which fixed all issues for me. Not sure if you got problems with the GPO besides the check, mine failed and the computers didn't have access to them. Thomas On 28 Dec 2015, at 12:22, Rowland penny wrote: > On 28/12/15 10:07, L.P.H. van Belle wrote: >> Hai Stefan, >>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 13.10.2015 um 11:20 schrieb Stefan Kania: > Am 12.10.2015 um 18:47 schrieb James: >> On 10/12/2015 12:20 PM, Stefan Kania wrote: >>> Hello, >>> >>> when I check ACLs on my sysvol I got the following errors: >>> >>> root at DKHHDC1:~# samba-tool gpo aclcheck ERROR(<type >>>

Dear all, after migrating from Samba 4.6.15 to 4.8.3 (two fresh DCs) I see that computers are no longer applying GPOs while it still works for Users. GPResult states that GPOs are not applied due to missing access rights. My smb.conf: # Global parameters [global] netbios name = DC realm = MY.DOMAIN.TLD server role = active directory domain controller server

HI, We have done something similar using inotify. On the DC1. we watch the "/usr/local/samba/var/locks/sysvol" folder and if there is any change, (add, modify or delete), we run "samba-tool ntacl sysvolreset" and we push those changes to other DCs using rsync. We have created a shell script that is put in rc.local so that this starts even if the server reboots. We chose

On 10/12/2015 12:20 PM, Stefan Kania wrote: > Hello, > > when I check ACLs on my sysvol I got the following errors: > > root at DKHHDC1:~# samba-tool gpo aclcheck > ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such > element' > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > line 175, in _run >

> On 04 Jun 2016, at 22:14, Miguel Medalha <medalist at sapo.pt> wrote: > > >> Can someone therefore please explain to me what exactly these GPO >> restrictions are that Samba can't handle? I'd also appreciate if someone >> could list which other GPO I cannot set successfully using RSAT. > > It seems to me that the FAQ is pretty clear. The

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I use Samba 4.3.3 and Rowland it dosn't metter if I build it by my self or install tehe SerNet-Packages ;-) Everytime I craete a new GPO or change something in an existing GPO, the test with "samba-tool ntacl sysvolcheck" fails with the following Error: - ---------------- ERROR(<class

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 12.10.2015 um 18:47 schrieb James: > On 10/12/2015 12:20 PM, Stefan Kania wrote: >> Hello, >> >> when I check ACLs on my sysvol I got the following errors: >> >> root at DKHHDC1:~# samba-tool gpo aclcheck ERROR(<type >> 'exceptions.KeyError'>): uncaught exception - 'No such element'