[Samba] Continued Group Policy issues
Rowland Penny
rpenny at samba.org
Thu Jul 12 12:50:28 UTC 2018
On Thu, 12 Jul 2018 18:13:47 +0530
Anantha Raghava via samba <samba at lists.samba.org> wrote:
> Hi,
>
> We have 4 Domain Controllers all on CentOS 7.5 and Samba Version
> 4.7.5.
>
> We are using iNotify to watch the folder and pushing any changes made
> to GPO from our first Domain Controller.
>
> Off late, we started observing that, unless the client is reading the
> Group Policies from the first Domain Controller, none of the Group
> Policies gets applied. On the Windows Clients, we have observed that
> clients are reporting "Access Denied" error to Group Policy Objects
> on other Domain Controllers.
>
> "samba-tool ntacl sysvolcheck" reports no errors on the GPO on any
> Domain Controllers. Yet, the clients report "Access Denied" on all
> other DCs except first one.
>
> What could have gone wrong? Any clues?
>
I take it you are syncing 'sysvol' to the DC's from the first DC, but
are you also syncing idmap.ldb as well ?
Rowland
More information about the samba
mailing list