[Samba] Group policies are not applied
durwin at mgtsciences.com
Mon Apr 29 19:39:11 UTC 2019
I have followed these instructions.
https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
My normal domain is company.com. For the Samba domain it is
msi.company.com.
DNS is working. I ran these commands.
host -t SRV _ldap._tcp.msi.company.com.
_ldap._tcp.msi.company.com has SRV record 0 100 389 dc0.msi.company.com.
host -t SRV _kerberos._udp.msi.company.com.
_kerberos._udp.msi.company.com has SRV record 0 100 88 dc0.msi.company.com.
host -t A dc0.msi.company.com.
dc0.msi.company.com has address 172.23.93.25
host -t A msi.company.com
msi.company.com has address 172.23.93.25
host -t A dc0.msi.company.com
dc0.msi.company.com has address 172.23.93.25
host -t SRV _kerberos._udp.msi.company.com
_kerberos._udp.msi.company.com has SRV record 0 100 88 dc0.msi.company.com.
host -t SRV _ldap._tcp.msi.company.com
_ldap._tcp.msi.company.com has SRV record 0 100 389 dc0.msi.company.com.
I can even resolve machines on company.com.
I can join the msi domain, add and modify users, but Group Policies are not
applied. I can even log on with a created user.
These are Group Policies I added.
Add a Group Policy for adding Domain Users to local Admin group.
https://wiki.samba.org/index.php/Managing_local_groups_on_domain_members_via_GPO_restricted_groups
And this one to display logon message. Scroll down to 'Step 3: Domain
Group Policy Management'
https://www.tecmint.com/manage-samba4-dns-group-policy-from-windows/
Here is my smb.conf file to start with. I don't know what else to send at
this time.
Ub18.04> less /etc/samba/smb.conf
# Global parameters
[global]
netbios name = DC0
realm = MSI.COMPANY.COM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = MSI
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /var/lib/samba/sysvol/msi.company.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Thank you,
Durwin