similar to: [samba as AD] Scripting GPO creation

Displaying 20 results from an estimated 10000 matches similar to: "[samba as AD] Scripting GPO creation"

2016 Jul 06
2
[samba as AD] Scripting GPO creation
PS: I could share information about what should be modified to modify the very same GPO, I didn't yet as I'm not sure anyone there would be interested and because that would work only for that kind of GPO. 2016-07-06 17:08 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Context: several teams have to manage only a a bunch of the company's > computers, so these
2016 Jul 06
0
[samba as AD] Scripting GPO creation
You may be able to edit the GPO's completely from the linux side. They contain registry.pol files whom's syntax is not so difficult to read and write. https://msdn.microsoft.com/en-us/library/windows/desktop/aa374407%28v=vs.85%29.aspx Am 06.07.2016 um 17:24 schrieb mathias dufresne: > PS: I could share information about what should be modified to modify the > very same GPO, I
2016 Jul 06
0
[samba as AD] Scripting GPO creation
Context: several teams have to manage only a a bunch of the company's computers, so these team must not being able to manage other computers. Firstly we split our computers into several OU, one by team. Secondly we created one group per team. Next step is to create one GPO per computer's OU which will add admins team's to local administrators group. Dealing with GPO (creating some of
2016 Mar 29
3
Permission denied on GPT.ini (Event ID 1058)
To see which DC is used by Windows client: open a MSDOS console, type "set", look for LOGONSERVER=\\<your_dc> <your_dc> is the DC used to connect on. If issue comes from one DC I would have on sysvol synchronisation between DC, ACL on all sysvol, DNS entries (but I don't think that's a DNS issue if you have only GPO issue). 2016-03-29 14:51 GMT+02:00 Sébastien Le
2016 Aug 05
2
Unable to create GPO "Allow log on locally"
Am 04.08.2016 um 17:11 schrieb lingpanda101 at gmail.com: > On 8/4/2016 10:11 AM, nanocosm at gmail.com wrote: >> Hi, >> >> I've a Samba 4.4.5 AD DC working fine. >> But when I try to create a GPO on "Computer Configuration>Policies> >> Windows Settings>Security Settings>Local Policies>User Rights >> Assignment>Allow Logon
2016 Jun 10
2
Rights issue on GPO
Thank you all for these replies. 2016-06-10 9:26 GMT+02:00 Rowland penny <rpenny at samba.org>: > On 10/06/16 07:52, Sébastien Le Ray wrote: > >> Hi >> >> >> Le 09/06/2016 à 20:42, Rowland penny a écrit : >> >>> On 08/06/16 15:34, mathias dufresne wrote: >>> >>>> Hi all, >>>> >>>> [snip]
2016 Mar 29
5
Permission denied on GPT.ini (Event ID 1058)
Complete event id of : > But still, events log show a warning about kerberos ticket from LsaSrv > source and right after a permission denied on GPT.ini And a getfacl of the problem GPO SID please, i'll check. And a output of ipconfig /all on the problem pc. And question, dedicated IP or dhcp IP? Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba
2016 Mar 29
3
Permission denied on GPT.ini (Event ID 1058)
Ok, where your pc's get the DNS info from? Server : AD-DC + DNS Or Server : AD-DC + Some other server with DNS Can you give the output of dig NS your.domain.tld and tel us what what is. > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sébastien Le Ray > Verzonden: dinsdag 29 maart 2016 16:31 > Aan: samba at
2016 Mar 30
2
Permission denied on GPT.ini (Event ID 1058)
I found this one. Check which one works for you. http://www.eventid.net/display-eventid-40960-source-LSASRV-eventno-8508-phase-1.htm Im sure this is not a samba configuration problem. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle > Verzonden: dinsdag 29 maart 2016 16:18 > Aan: samba at
2015 Nov 17
2
Permission Issues with GPO
Here are my (little) view regarding shares accesses. I write that to clarify things. And it could really be of-topic as Louis seems to have gave solution. There are 2 levels of authorisation for accessing shares: the share level and FS level. For Sysvol I would keep everyone or replace it by "authenticated users" in paranoid mode as the latter refuse non-authenticated users. They are
2016 Oct 19
2
NS records for a new AD DC
2016-10-19 8:56 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Wed, 19 Oct 2016 08:47:25 +0200 > mathias dufresne <infractory at gmail.com> wrote: > > > > > > > > > The domain member will ask its nameserver (which should be an AD > > > DC), > > > > > > > The client send request to its resolver, which
2015 Nov 17
3
Permission Issues with GPO
Let me guess. You accessing your server like : \\servername\netlogon of \\servername\sysvol Well thats protected by windows these these days. Try with \\servername.domain.tld\netlogon or \\servername.domain.tld\sysvol Does that work? Yes, There is a whole chaper of this on the list somewhere.. Best is to read howto override this. https://adsecurity.org/?p=1405 and for you
2015 Nov 17
3
Permission Issues with GPO
I was experiencing problems with Group Policy Objects. The Windows Event Viewer spits out so many different errors, most of them less than helpful, so Iwas seeking help here with some of those messages. In the end, and after many hours and even days of researching this problem, I seem to have pin-pointed the main issue to some simple permission irregularities that I don't know how to
2015 Nov 27
2
"failed access check on" on gpo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hallo, when I do an "samba-tool gpo list username" I get an "faild access check on OU=name,......". But not if I do a "samba-tool gpo listall" then everything is ok. Is this normal? If I take "administrator" as username I didn't get this message. Stefan -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2
2017 Aug 31
3
file server: %U or %u?
On Thu, 31 Aug 2017 16:27:12 +0200 mathias dufresne <infractory at gmail.com> wrote: > PS: the short way to explain %u is adding domain/workgroup to > username is the fact we are using trust relationship? > Probably, what you have to get your head around is this: The users 'fred', 'DOMAINA\fred' and 'DOMAINB\fred' are all different users. Winbind will
2015 Nov 17
4
Permission Issues with GPO
On 17/11/15 16:57, Viktor Trojanovic wrote: > Hi Mathias, > > Thanks for replying. It seems you're describing the situation on the > AD DC. Computer and user mode access to my DC works fine and without > any issues but I can't access the shares of my *member* server *in > computer mode*. In user mode, it all works just fine. > > Viktor > > On 17.11.2015
2016 Jun 24
2
Rights issue on GPO
On 6/22/2016 12:21 PM, mathias dufresne wrote: > 2016-06-22 16:37 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl>: > >> @Mathias, >> >> Pretty strange then, running some years like this without any problem. >> Yes we had few problems with "rights" in sysvol, but i fixed this all >> outside linux, and with that i mean. Changed rights from within
2016 Apr 14
4
Permission denied on GPT.ini (Event ID 1058)
I hate 'me too' replies - but I have also been struggling with this for some years in my multi-DC environment. (yes, replicated sysvol via lsyncd + rsync; permissions looked identical via getfacl last time I checked). Sometimes a client machine will run gpupdate just fine; other times it will fail, seemingly randomly. My next step was going to be to run wireshark on a client machine to
2016 Jun 22
2
Rights issue on GPO
@Mathias, Pretty strange then, running some years like this without any problem. Yes we had few problems with "rights" in sysvol, but i fixed this all outside linux, and with that i mean. Changed rights from within windows or added registry changes or patches, or a local clean up of the policies. At the install of my DC2 i also synced the idmap.ldb, and then a net idmap flush on
2016 Jun 24
2
Rights issue on GPO
On 6/24/2016 11:40 AM, mathias dufresne wrote: > > > 2016-06-24 15:24 GMT+02:00 lingpanda101 at gmail.com > <mailto:lingpanda101 at gmail.com> <lingpanda101 at gmail.com > <mailto:lingpanda101 at gmail.com>>: > > On 6/22/2016 12:21 PM, mathias dufresne wrote: > > 2016-06-22 16:37 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl >