similar to: GPO Security Filtering "Access Denied"

Greetings. I have provisioned a test AD domain (single DC initially), and joined a single workstation to it. When I use the "Default Domain Policy" that already exist on the newly domain tree, the user level policies are applied perfectly, but machine level policies don't. The "Default Domain Policy" includes "Authenticated Users" read and apply on the

Hello. samba --version Version 4.19.5-Ubuntu Samba as Active Directory controller. 2 scenarios. # First scenario : * On a Windows client, from RSAT, I create a new GPO named "firstgpo". * Still in RSAT, I then create a second GPO "scndgpo" with some parameters that I backup (right clic on the GPO => Backup...). * Then I right clic on "firstgpo" and select

>> FYI I just found where to add a particular permission. >> I tried to add "Read" (not apply) to "Authenticated Users", >> and got a "Unable to save permission changes on {3729C4F3-A62A-4805-AB02-728CE538BA23}. >> Access is denied" >> So I can't even add that permission. This means that you have another problem somewhere (sysvol

Ah, yes, oeps sorry, and i did run out of the office yesterday, so didnt see this.. 3000002:rwx 3000003:r-x wbinfo --uid-to-sid=3000003 S-1-5-11 wbinfo --uid-to-sid=3000002 S-1-5-18 wbinfo --sid-to-name=S-1-5-11 NT AUTHORITY\Authenticated Users 5 wbinfo --sid-to-name=S-1-5-18 NT AUTHORITY\SYSTEM 5 Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba

to fix this, try the following remove the content in the sysvol folder (move it away) run samba-tool with sysvol reset copy the content back with now setfacl copy the acl recursive to the 'domain folder' in vol back. now on a windows open group policy editor klik on the gp objects. if needed , it say i needs some right fix. when this is done dont sysvol reset anymore. this is a

> root at graz-dc-sem.ad.tao.at# wbinfo --sid-to-name=S-1-5-11 > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND > Could not lookup sid S-1-5-11 So how fucked is my domain? On 2017-08-25 08:09, L.P.H. van Belle via samba wrote: > Ah, yes, oeps sorry, and i did run out of the office yesterday, so didnt see this.. > > 3000002:rwx > 3000003:r-x > > wbinfo

Hai Elias, Lucky you, im in a good mood and im "still" at work ;-) .. # Add [sysvol] acl_xattr:ignore system acls = yes path = /var/lib/samba/sysvol read only = No Did you set the parameter: APPLY_CHANGES_DIRECT="no" To yes, if not do it. Restart samba-ad-dc. Then, goto you GPO editor in windows, and klik every GPO object once. Some might complain about

Hai, the steps are (basily) good, only this one can be better.   >To solve, I executed the following commands: >Chown 10060: 30028 -R sysvol >Chmod 775 -R sysvol   If you use acl_xattr:ignore system acls = yes on the sysvol share, you must configur the share from withing windows.  (* or use smbcalcs , but i never used it. )   This is what i see:   ls -al  sysvol total 24 drwxrwx---+ 3

Hi all, We'er running a classicupgraded samba4 AD 4.1.6 sernet for a month or two now, and all is very well. :-) It has been classicupgraded using the same 4.1.6. Today I wanted to try GPO's and they are not applied. GPUpdate /force tells me: "Windows attempted to read the file blahblah\gpt.ini from a domain controller and was not successful". Taken from the mailinglist, I

On 25/10/2020 20:20, Sonic wrote: > On Sun, Oct 25, 2020 at 4:02 PM Rowland penny via samba > <samba at lists.samba.org> wrote: >> What do you mean by 'working domain' and 'non-working domain' ? >> Do you have two domains ? > Different sites, different companies, not related. The working one was > also a classic upgrade but earlier on, pre 4.6.x. Just

> -----Oorspronkelijk bericht----- > Van: Sonic [mailto:sonicsmith at gmail.com] > Verzonden: woensdag 28 oktober 2020 14:24 > Aan: L.P.H. van Belle > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] GPO fail and sysvol perm errors > > Good day Louis, > > On Wed, Oct 28, 2020 at 3:46 AM L.P.H. van Belle > <belle at bazuin.nl> wrote: > > Ok, im

On 7/22/2016 3:37 AM, Rowland penny wrote: > On 21/07/16 22:18, Trenta sis wrote: >> I'm not sure what are you deatiling, is a bug in progress taht can cause >> this random problems with some gpos or this error can be ignored? >> >> 2016-07-21 20:37 GMT+02:00 Trenta sis <trenta.sis at gmail.com>: >> >>> Hi, >>> >>> First of all

On Sun, Oct 25, 2020 at 4:02 PM Rowland penny via samba <samba at lists.samba.org> wrote: > What do you mean by 'working domain' and 'non-working domain' ? > Do you have two domains ? Different sites, different companies, not related. The working one was also a classic upgrade but earlier on, pre 4.6.x. Just using it to compare. > I am also trying to understand why

Hi, Do you have any specific error message in Windows events log concerning GPO? Regards Le 24/07/2016 à 05:40, Min Wai Chan a écrit : > Dear All, > I've recently upgrade from samba 4.1.x to samba 4.2.14 and found that GPO > are having issue > > Specifically when I'm adding new using they *never *got the gpupdate > success fully. > > When I run samba-tool ntacl

Hello, I've en error again in the samba AD world. I use RSAT with the DOMAIN\administrator account to make some GPOs. Sometimes it doesn't work. So I have checked GPO ACL with 'gpo aclcheck' command, and this is the return : got OID=1.2.840.48018.1.2.2 ERROR: Invalid GPO ACL

Hi, That's look more like a gpupdate output than an event log entry :-) Le 24/07/2016 à 20:46, Min Wai Chan a écrit : > Hello Sébastien Le Ray, > > The PC reply the following... > > The processing of Group Policy failed. Windows could not resolve the user > name. This could be caused by one or more of the following: > a) Name Resolution failure on the current domain

Hi Louis I have moved "empresa.com.br" folder to /root. After I run samba-tool ntacl sysvolreset, but some errors appear: samba-tool ntacl sysvolreset open: error=2 (No such file or directory) ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error') File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run

Hi Marc, Ok, I apologise, I was unsure if the number {31B2F340-016D-11D2-945F-00C04FB984F9} was something sensitive password-like or not, so i changed it slightly.... Sorry..! The number is actually the number as you quote it below for the Default Domain Policy. > The two GUID directories, that exist on every AD DC, are > > {6AC1786C-016F-11D2-945F-00C04FB984F9} = Default Domain

I'm running rc6, but it's not a clean installation, it's samba3 upgraded to 4.0 in ages of beta2. samba-tool ntacl sysvolcheck dies with message about incorrect acl on gpo, but that acl is set by sysvolreset. lobus at sirius-a:~$ sudo samba-tool ntacl sysvolcheck ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO

Hi Bob, > > I have setup 'profiles' and 'home share' per the instructions on Samba > wiki. That seemed to go fine. > > When I moved on to 'folder re-direction' I tried to open GPO management > on my W7 client and received a "User policy could not be updated > successfully . . ." on the windows CP console. Started googling the > error and