[Samba] Clients unable to get group policy...
James
lingpanda101 at gmail.com
Thu Jun 4 06:46:18 MDT 2015
On 6/3/2015 11:43 AM, Ryan Ashley wrote:
> James, I cloned it using git. I installed it to a private partition
> (/samba) back when I was first testing Samba4. It is in the path and
> this worked for ages, but recently just stopped. No errors, no warnings,
> nothing. Just dead.
>
> The GP in question is the default domain policy. I already tried
> unlinking it and it fails on the next one. I only have two GPOs, so it
> cannot "read" either one. I also noted that, during one of my angry
> moments, I just kept spamming "gpupdate" in a DOS box on the workstation
> and suddenly it worked once, then went back to erroring out. Spamming it
> has not fixed it since. I even wrote a small batch script which looped
> until gpupdate returned success. It went into an endless loop which
> lasted about 20hrs before I stopped it.
>
> As for the sysvol location, it is in "/samba/var/locks/sysvol", which
> worked for a few years, and has just stopped. Permissions appear to be
> correct.
>
> On 05/29/2015 11:24 AM, James wrote:
>> On 5/29/2015 10:40 AM, Ryan Ashley wrote:
>>> Thank you, Louis. This has not corrected the getent and id issue, however.
>>>
>>> On 05/29/2015 10:13 AM, L.P.H. van Belle wrote:
>>>
>> Ryan,
>>
>> Is it a specific GP that can't be read? Can you remove all links to
>> one workstation and leave just the default domain GP and test? Did you
>> install samba from tar and provide the location for sysvol in the build?
>>
Ryan,
It definitely sounds like a permission problem. I can only think of
one other thing. Try
samba-tool ntacl sysvolreset --use-ntvfs
See if gpupdate works. If it works try
samba-tool ntacl sysvolreset --use-s3fs
Are you using a central store for group policy? I'm not sure what else
to try.
--
-James
More information about the samba
mailing list