similar to: Lowercase characters on GPO IDs in Samba source files

On Wed, 28 Jun 2017 20:11:29 +0100 Miguel Medalha via samba <samba at lists.samba.org> wrote: > In April 2016 I reported the following typos in three source files > related to sysvol and GPOs. > > ./examples/misc/adssearch.pl:357:"Default Domain Controllers Policy" > => "6AC1786C-016F-11D2-945F-00C04fB984F9" > > ./libgpo/gpo_util.c:46:

Turns out that I was at least half-right, after all. I just opened the files contained in the last Samba release (contained in samba-4.6.5.tar.gz) and although the typos have been corrected in "./python/samba/provision/__init__.py", *they are still there* in "./examples/misc/adssearch.pl" and "./libgpo/gpo_util.c". It happened that, before my first post, I had

On Wed, 28 Jun 2017 21:44:05 +0100 Miguel Medalha via samba <samba at lists.samba.org> wrote: > Turns out that I was at least half-right, after all. > > I just opened the files contained in the last Samba release > (contained in samba-4.6.5.tar.gz) and although the typos have been > corrected in "./python/samba/provision/__init__.py", *they are still > there* in

In April 2016 I reported the following typos in three source files related to sysvol and GPOs. ./examples/misc/adssearch.pl:357:"Default Domain Controllers Policy" => "6AC1786C-016F-11D2-945F-00C04fB984F9" ./libgpo/gpo_util.c:46: "6AC1786C-016F-11D2-945F-00C04fB984F9" } ./python/samba/provision/__init__.py:123:DEFAULT_DC_POLICY_GUID =

Oh! It's works. Thanks a lot. God bless you all. --- Gilberto Nunes Ferreira (47) 99676-7530 - Whatsapp / Telegram Em qui., 30 de mai. de 2024 ?s 10:40, miguel medalha <medalist at sapo.pt> escreveu: > For a GPO to work, both "Authenticated Users" and "Domain Computers" must > have "Read" rights. > > On a Policy Object, go to

> On 04 Jun 2016, at 22:14, Miguel Medalha <medalist at sapo.pt> wrote: > > >> Can someone therefore please explain to me what exactly these GPO >> restrictions are that Samba can't handle? I'd also appreciate if someone >> could list which other GPO I cannot set successfully using RSAT. > > It seems to me that the FAQ is pretty clear. The

For a GPO to work, both "Authenticated Users" and "Domain Computers" must have "Read" rights. On a Policy Object, go to "Delegation/Advanced"" and set those rights accordingly.

Hi list, Today, I spent most of the day figuring out why my password policies set via GPO are not applied on a domain level, just to find out that this is not one of the many occasions where Windows is the problem but it's really Samba, for a change. Apparently, password policies can only be changed using samba-tool and not via GPO. IMO, the FAQ is not very clear here.

Thanks, we?ll have to wait and see then ... On Nov 17, 2024 at 18:55 +0100, medalist at sapo.pt, wrote: > See this thread: > https://lists.samba.org/archive/samba/2024-October/249914.html > 17 Nov 2024 17:49:04 medalist at sapo.pt: > >

I hope that someone here can give some advice on the following: I have a Samba based Active Directory. A CentOS 7.6 machine runs as a file server and hosts the Windows user profiles for all the Windows workstations. Now management has decided that they need a Windows server for a couple of administrative applications, which need MS SQL Server. That would be the only role of this Windows.

The Wiki page you pointed to describes a modification to the *Default Domain Policy*. This is probably why you never met the issue I described. As I reported on my previous post, the Default Domain Policy was the only one that kept working after the Microsoft update. All the other GPOs that I had set stopped being applied.

>> Did you think to run 'samba-tool domain tombstones expunge --help' ? No, I didn't, I just assumed that the message "'samba' will remove them daily, 'samba-tool domain tombstones expunge' would do that immediately" would mean exactly that :-). It worked now. Thank you!

On Fri, 10 Aug 2018 14:32:01 +0100 "miguel medalha" <medalist at sapo.pt> wrote: > > >having a particular group > > > set as "Primary group" > > > How are setting the 'primary group' ? > > The 'primary group' had been set a long time ago, when the system was > created. It had been set with ADUC, under the

On 19/12/16 17:57, Miguel medalha wrote: >>> No, I don't, because this is a loopback and I only want certain >>> users on these computers to have the screensaver and lock disabled. If I did that it would apply to everyone. > No, it wouldn't apply to everyone. As of April this year, according to Microsoft, all policies must have "Authenticated Users" with

To fix the rights problem, these are the steps i always follow, since it works for me. I logged in as DOMAIN\Adminstrator on a windows pc. Now backup sysvol, copy the "internal.domain.tld" folder in sysvol to your pc. 2) Delete the "internal.domain.tld" folder in sysvol on the DC. 3) login into linux, run samba-tools ntacl sysvolreset 4) Goto the sysvol folder and run :

On 19/12/16 18:27, Alex Crow via samba wrote: > > > On 19/12/16 17:57, Miguel medalha wrote: >>>> No, I don't, because this is a loopback and I only want certain >>>> users on these computers to have the screensaver and lock disabled. >>>> If I did that it would apply to everyone. >> No, it wouldn't apply to everyone. As of April this

Hello! My Configuration: lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 14.04.3 LTS Release: 14.04 Codename: trusty Version Samba: samba-tool -V 4.4.4 My problem is, create a GPO with group Filtering, in case I want the GPO to be applied only to a specific group. When I do this (Filter) it does not load the GPO, only when I leave the

On 19/12/16 15:55, L.P.H. van Belle via samba wrote: > Did you add "domain computers" to the security filter also with Read/apply? > > > Hi Louis, Miguel, I'm applying it to specific computers, so I've created a group with those machines in it. It's not that the problem is applying the GPOs to the machines in the OU and group, the access denied message is a

On Thu, 13 Sep 2018 14:41:54 +0100 miguel medalha via samba <samba at lists.samba.org> wrote: > Hello > > In one of my DCs, when I run ./configure for Samba 4.9.0, it fails > with the following message: > > Checking for lmdb >= 0.9.16 via header check : not > found Samba AD DC and --enable-selftest requires lmdb 0.9.16 or later > > My ./configure command

> > Finally 'browseable' is redundant on a Samba AD DC, there is no > browsing on an AD DC. > Well, sometimes you just *have* to do some file serving out of an AD DC. It happened to me. In that case, if you don't have "browsable = yes" on a share, that share will not appear in the Computer Management applet in Windows and you won't be able to set its