similar to: Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies

cool! root at dc1:~ # wbinfo -r richard.h 10001 3000008 10000 10014 10004 10005 3000005 3000009 3000000 -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of lingpanda101 via samba Sent: 12 January 2017 22:57 To: samba at lists.samba.org Subject: Re: [Samba] Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies On 1/12/2017 3:47 PM,

I remain baffled as to why richard.h cannot access the sysvol share. Permissions all seem ok from what I can see and I'm not sure why this should be any different from normal AD share behaviour (our other shares are working fine for domain users) I would really appreciate it if someone could let me know whether the sysvol has become corrupt in some way and I am wasting my time even trying

Hi All, Trying to avoid making this into a "Me too" response :) but this is the single largest issue I have with Samba at the moment, I've struggled with this for literally years, both before I switched to rfc2307 (which did help in many areas) and since switching. I am following this thread with great interest, in the hope that I can get my GPOs working, too. Currently I've

Hi root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes ...some error information... Checked 3647 objects (2 errors) root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix Checking 3647 objects Checked 3647 objects (0 errors) root at dc1:~ # getfacl /usr/local/samba/var/locks/sysvol/ getfacl: Removing leading '/' from absolute path

Hi here are the commands in the order I ran them: root at dc1:~ # systemctl stop samba root at dc1:~ # net cache flush root at dc1:~ # samba-tool ntacl sysvolreset root at dc1:~ # net cache flush root at dc1:~ # samba-tool ntacl sysvolcheck root at dc1:~ # systemctl start samba root at dc1:~ # smbclient //localhost/sysvol -UAdministrator -c 'ls' Enter Administrator's password:

Hi Rowland, I've done the below and retried to log on as a normal user, but sadly: C:\> gpupdate /force still returns The processing of Group Policy failed. Windows attempted to read the file \\ct.mydomain.com\sysvol\ct.mydomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until

Hi James The output is as follows... wbinfo --gid-info=10013 => CT\domain admins:x:10013: wbinfo --gid-info=10014 => CT\domain users:x:10014: wbinfo --uid-info=3000000 => BUILTIN\administrators:*:3000000:3000000::/home/BUILTIN/administrators:/bin/false wbinfo --uid-info=3000008 => CT\domain admins:*:3000008:3000008::/home/CT/domain admins:/bin/false Yes I have set

Hi Andrew, thanks so much for the feedback. Yes, you're 100% right. I'm new at this and originally changed the default GPO, however subsequently reset the default and created a new GPO. (so this getfacl output is post creation of a new GPO) The getfacl output is shown here: # getfacl /usr/local/samba/var/locks/sysvol/mydomain.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}

On 1/12/2017 2:09 PM, Rowland Penny via samba wrote: > On Thu, 12 Jan 2017 20:46:15 +0200 > Richard via samba <samba at lists.samba.org> wrote: > >> Hi James >> >> The output is as follows... >> >> wbinfo --gid-info=10013 => CT\domain admins:x:10013: >> >> wbinfo --uid-info=3000008 => CT\domain >>

On 1/12/2017 3:47 PM, Richard via samba wrote: > Hi > > root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes > ...some error information... > Checked 3647 objects (2 errors) > root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix > Checking 3647 objects > Checked 3647 objects (0 errors) > > root at dc1:~ # getfacl

I have Samba 4.5.3 working fine as an AD DC and DNS provider. I now need to set up a group policy on the DC but I am having problems with the internal sysvol and netlogon shares. Via the Windows Group Policy Manager snap-in I successfully created a GPO specifying the DC as the primary time source for all clients, using the Administrator user ...but my windows domain test client

On 1/12/2017 3:25 PM, Richard via samba wrote: > Hi > > here are the commands in the order I ran them: > > root at dc1:~ # systemctl stop samba > root at dc1:~ # net cache flush > root at dc1:~ # samba-tool ntacl sysvolreset > root at dc1:~ # net cache flush > root at dc1:~ # samba-tool ntacl sysvolcheck > root at dc1:~ # systemctl start samba > root at dc1:~ #

On 1/12/2017 2:47 PM, Richard via samba wrote: > Hi Rowland, > > I've done the below and retried to log on as a normal user, but sadly: > > C:\> gpupdate /force still returns > > The processing of Group Policy failed. Windows attempted to read the file \\ct.mydomain.com\sysvol\ct.mydomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain

Hai, Ok, i expected a bit different outputs. On my DC, i use /home/samba/sysvol and /home/samba/netlogon. This is what i expected. getfacl /home/samba/ getfacl: Removing leading '/' from absolute path names # file: home/samba/ # owner: root # group: BUILTIN\134administrators user::rwx user:root:rwx group::rwx group:BUILTIN\134administrators:rwx

Hello Luis tomorrow i'm not in office, reply to you thursday One question : who is owner and whats rights for dir     /home     /home/samba     /home/samba/sysvol because, from windows client, user into domain admins, when i change in security tab, explorer always crash bye Il 06/11/2018 17:16, L.P.H. van Belle via samba ha scritto: > Ok, next, > > From a windows pc connect to

Please read the reported bug and bjorn answer.. which does not help any to a solution of fix, or explenation. But the big question now is, does someone somewhere know what bjorn is talking about. i did search for "gencache" but no go here.. just from old documentation. https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html gencache.tdb Generic caching database.

> On 29.09.2017 11:44 Rowland Penny wrote: > Have you set up the libnss_winbind links, PAM and /etc/nsswitch.conf ? Yes, I had modified two lines in /etc/nsswitch.conf: passwd: files winbind group: files winbind No, I had not seen a pointer to libnss, but now did ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/i386-linux-gnu/ ln -s

> Gesendet: Dienstag, 26. Mai 2015 um 13:31 Uhr > Von: "Rowland Penny" <rowlandpenny at googlemail.com> > An: "Stephan Mattecka" <ste-fun_s at gmx.de> > Cc: samba at lists.samba.org > Betreff: Re: Aw: Re: [Samba] [SAMBA] Problems with joining a second DC to AD > > On 26/05/15 10:42, Stephan Mattecka wrote: > > Gesendet: Donnerstag, 21. Mai

On 30/04/15 09:09, L.P.H. van Belle wrote: > ( sorry for mailing directly bjorn, but please have a look ) > > I still think this is a bug.. > > why not a bug: > If i do assign a UID/GID to a user, then yes, this wil work fine. > new users and groups sure.. but now im talking about the default domain groups.. > > why a bug: > User administrator and the domain groups

Hello list, I am not sure if this is a bug or known already but I will describe it. I have two domain controllers running on 4.1.12/sernet which are linked together. I am using unison for bidirectional sync for the sysvol directory as described on samba's wiki, although in my opinion the problem I will describe in the following has nothing to do with the sync process. The sync occurs every