Displaying 20 results from an estimated 7000 matches similar to: "Strange problem with GPOs"
2016 Jun 24
2
GPOs: only Default Domain Policy is being applied, ohers are ignored
I recently discovered that only the Default Domain Policy is being applied.
All other GPOs seem to be ignored. All Sysvol filesystem objects have the
right permissions. Both DCs are running Samba 4.4.3 over CentOS 7. There are
no related errors in logs or Windows Event Viewer. Other policies did work
before. I noticed that the corresponding filesystem objects were lastly
placed on users desktops
2023 Dec 05
1
Question on sysvol replication, GPOs and sysvolreset
Try:
http://samba.bigbird.es/doku.php?id=samba:sync-sysvol
I would recommend one way sync always from PDC FSMO owner, as this is the machine the GPOs get created in by default.
And of course :
http://samba.bigbird.es/doku.php?id=samba:sync-idmap.ldb
Regards.
LP
On 5 Dec 2023 at 13:47 +0100, Jakob Curdes via samba <samba at lists.samba.org>, wrote:
> Hello,
>
> I am wondering
2023 Dec 05
1
Question on sysvol replication, GPOs and sysvolreset
Hello,
I am wondering whether I have all pieces together for a scenatio with
two DCs and GPOs being used.
Obviously the GPOs need to be replicated between DCs, I use "osync" as
per the samba wiki
(https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround).
In that documentation the sysvolreset command is issued every time on
the second DC after
2018 Feb 06
0
GPOs not Working!
On 02/06/2018 03:13 PM, Rowland Penny via samba wrote:
> On Tue, 6 Feb 2018 15:03:16 -0400
> Robert Marcano via samba <samba at lists.samba.org> wrote:
>
>> Thanks for the information, to use a default GPO was a simple way to
>> try to encourage someone to reproduce the problem.
>>
>> I already created new GPOs (this is a test domain) Using the default
2018 Feb 06
0
GPOs not Working!
On 02/06/2018 03:20 PM, lingpanda101 via samba wrote:
> On 2/6/2018 2:03 PM, Robert Marcano via samba wrote:
>> On 02/06/2018 02:52 PM, lingpanda101 via samba wrote:
>>> On 2/6/2018 1:42 PM, Robert Marcano via samba wrote:
>>>> On 02/06/2018 01:44 PM, Micha Ballmann via samba wrote:
>>>>> Hello,
>>>>>
>>>>> i have a testing
2018 Feb 06
2
GPOs not Working!
On Tue, 6 Feb 2018 15:03:16 -0400
Robert Marcano via samba <samba at lists.samba.org> wrote:
> Thanks for the information, to use a default GPO was a simple way to
> try to encourage someone to reproduce the problem.
>
> I already created new GPOs (this is a test domain) Using the default
> filter for a new GPO, "Authenticated users", creating a new group for
2018 Feb 07
0
GPOs not Working!
Hai,
Ok, for the sysvol.
I'll put all steps here again.
I suggest start with this one.
wget https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-set-sysvol.sh
This checks and set the rights to be known to be right. ( aka works great for me ) ;-)
Then follow these steps.
- login as dom\administrator.
- start computer manager, connect to dc.
- klik Shared Folders, Shares,
2018 Feb 07
0
GPOs not Working!
On 02/06/2018 03:24 PM, L.P.H. van Belle via samba wrote:
> ok,
>
> do the following.
> set ignore systemacl to yes on sysvol and netlogon.
Added "acl_xattr:ignore system acls = yes" to both shares, restarted the
server
>
> login as dom\administrator
> computer manager, connect to dc.
> share sysvol, goto share security, reset to defalts.
> same for
2014 Jul 01
0
GPOs updating on some client systems and not others
Hello,
I have 3 sernet-samba-ad domain controllers replicating with rsync-based sysvol replication as per https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO, https://wiki.samba.org/index.php/SysVol_Replication and https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC.
The issue I am experiencing is that gpupdate.exe on clients joined to the domain fails on some machines and not others.
2017 Aug 25
0
sysvolreset doesn't reset all ACLs
Time to take a step back: My original problem is that clients can no
longer read or update their GPOs.
gpupdate fails on the default domain policy, claiming it can't read some
files. If I open said file via Explorer on the same user account, it
works – with \\domain\sysvol\… as well as when browsing every single DC
individually via \\foo-dc\sysvol\…
It's hard to tell (I'm running
2013 Jan 27
1
GPOs don't work after update from Samba4.0 alpha 17 to 4.0.1
Hi!
I have updated our server from Samba 4 alpha 17 to Samba 4.0.1.
Everything seems to work fine after some reconfiguration, but our
GPOs are not working anymore.
Samba 4 alpha 17 was using ntvfs and the root partition with the sysvol share was mounted with "user_xattr" only in /etc/fstab.
Samba 4.0.1 is now set to use s3fs and the root partition is mouted with
2018 Feb 07
1
GPOs not Working!
On 02/07/2018 05:01 AM, L.P.H. van Belle via samba wrote:
> Hai,
>
> Ok, for the sysvol.
> I'll put all steps here again.
>
> I suggest start with this one.
> wget https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-set-sysvol.sh
> This checks and set the rights to be known to be right. ( aka works great for me ) ;-)
>
Thanks, but before I run that
2018 Feb 07
1
GPOs not Working!
hai Micha,
The why is explained here.
https://wiki.samba.org/index.php/The_SYSTEM_Account
Which in the end has todo with SID_BOTH, one sid for a user and group, linux does not understand that correctly.
with : acl_xattr:ignore system acls = [yes|no]
When set to yes, a best effort mapping from/to the POSIX ACL layer will not be done by this module. The default is no, which means that Samba
2018 Feb 06
2
GPOs not Working!
On 2/6/2018 2:03 PM, Robert Marcano via samba wrote:
> On 02/06/2018 02:52 PM, lingpanda101 via samba wrote:
>> On 2/6/2018 1:42 PM, Robert Marcano via samba wrote:
>>> On 02/06/2018 01:44 PM, Micha Ballmann via samba wrote:
>>>> Hello,
>>>>
>>>> i have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT
>>>> Kerberos
2019 Jun 21
0
GPO ACL
Hello,
I've en error again in the samba AD world.
I use RSAT with the DOMAIN\administrator account to make some GPOs.
Sometimes it doesn't work. So I have checked GPO ACL with 'gpo aclcheck'
command, and this is the return :
got OID=1.2.840.48018.1.2.2
ERROR: Invalid GPO ACL
2016 Jun 17
0
Rsync GPOs Erro Sysvol
Hello!
something else I can try?
Thanks
Em 15-06-2016 12:41, Carlos A. P. Cunha escreveu:
>
> Hello!
> It may be, what I did yesterday was to adjust the /etc/nsswitch.conf
> of my DCs, and again ran the sysvolreset takes more than 10 minutes it
> changed several files (permissions) within the Sysvol, but Finau gave
> error (the same) .
> The some form of correction?
2016 Jun 17
2
Rsync GPOs Erro Sysvol
On 6/17/2016 11:10 AM, Carlos A. P. Cunha wrote:
> Hello!
>
>
> something else I can try?
>
>
> Thanks
>
>
> Em 15-06-2016 12:41, Carlos A. P. Cunha escreveu:
>>
>> Hello!
>> It may be, what I did yesterday was to adjust the /etc/nsswitch.conf
>> of my DCs, and again ran the sysvolreset takes more than 10 minutes
>> it changed several
2018 May 25
1
syscolcheck error / Could not convert sid S-1-5-32-544 to uid
On 25 May 2018 at 17:09, Rowland Penny via samba <samba at lists.samba.org>
wrote:
> On Fri, 25 May 2018 16:39:22 +0200
> Henry Jensen <hjensen at mailbox.org> wrote:
>
> >
> > OK, maybe this is something which should be mentioned in the wiki. The
> > reason I got to this was that I wanted to try sysvol replication. The
> > wiki mentions at
> >
2017 Nov 14
1
Setting up Second Samba DC samba-tool ntacl sysvolreset fails
Mandi! Rowland Penny via samba
In chel di` si favelave...
> The error you are getting is usually caused by adding GPOs to the first
> DC and then NOT copying them to the second DC before running
> 'sysvolreset'. The GPOs are also stored in AD, 'sysvolreset' reads AD
> to find where the GPOs are supposed to be, but if it cannot find any,
> it errors out.
2015 Nov 24
4
getting started with GPOs
So the GPO Management Tool works under Windows 8.1 for you?
On Tue, Nov 24, 2015 at 3:11 AM, mourik jan c heupink <heupink at merit.unu.edu
> wrote:
>
>
> On 24-11-2015 0:29, Jeff Dickens wrote:
>
>> On the Samba side the only thing I see in the logs are some complaints
>> about not being able to load the printer list.
>>
> That probably not related.
>