[Samba] User GPOs not applied
L.P.H. van Belle
belle at bazuin.nl
Tue Apr 6 07:55:59 UTC 2021
On the PC, run CMD:
GPRESULT /H c:\GPReport.html
check that report.
In which OU is the user created?
ON which OU is the USER GPO set?
ON which OU is the COMPUTER GPO set?
Run a : gupdate /force
Are there now any windows eventid's?
These things are needed to know.
greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Peter Milesson
> via samba
> Verzonden: maandag 5 april 2021 17:28
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] User GPOs not applied
>
> Hi Stefan,
>
> The GPOs do not apply for any user. If I create other OUs and link the
> GPOs there, it's got absolutely no effect. Everything seems to be in
> order using samba-tool, except that the GPOs do not show up for users.
> The GPOs do not show up even if I apply them to Authenticated users.
> Computer GPOs work, but not User GPOs.
>
> Thanks for your input.
>
> Best regards,
>
> Peter
>
> On 2021-04-05 14:06, Stefan Kania via samba wrote:
> > The first step to do if a GPO for a user is not working is "samba-tool
> > gpo list <username>" to see if the GPO is relevant for the user. If your
> > GPO is not listed check that the user is in the ou you linked the GPO
> to.
> >
> >
> > Am 05.04.21 um 09:04 schrieb Peter Milesson via samba:
> >> Hi folks,
> >>
> >> I have got a problem where GPOs set for a single user or a user group
> >> are not applied. The GPOs should be applied to Windows 10 Pro computers
> >> when the specific user(s) log in. The GPOs are defined for users, not
> >> computers. Domain GPOs for domain computers are applied appropriately,
> >> roaming profiles work, authentication works, the sysvol and netlogon
> >> shares on the DC are accessible and readable by all users, DNS works. I
> >> have tried with existing users and newly created test users. The GPOs
> >> are not applied. The GPOs (minimum Windows server 2003 or XP) are:
> >>
> >> - Set time limit for disconnected sessions
> >> - Set time limit for active but idle Remote Services sessions
> >> - End session when time limits are reached
> >>
> >> The AD DC is a self compiled 4.9.1, CentOS 7.9, the kernel is the
> latest
> >> EL-repo ML-kernel (5.11.7-1). SSSD is NOT installed, neither is NIS or
> >> NFS. The .local TLD is used in the network (for almost 20 years), and
> >> all mDNS och zero configurations are prohibited and disabled. All
> >> workstations in the network are Windows 10 Pro with the latest updates,
> >> and ESET Business antivirus. The main file server, containing the user
> >> profiles, runs CentOS 7.8 with Samba 4.10.4, which I assume has got
> >> nothing to do with the problem.
> >>
> >> Would installing and setting up a new Debian Buster AD DC solve the
> >> problem?
> >>
> >> Best regards,
> >>
> >> Peter
> >>
> >>
> >> smb.conf
> >> ========
> >> # Global parameters
> >> [global]
> >> netbios name = KONADC
> >> realm = KONSTRUKCE.LOCAL
> >> server role = active directory domain controller
> >> workgroup = KONSTRUKCE
> >> idmap_ldb:use rfc2307 = yes
> >> username map = /etc/samba/user.map
> >> dns forwarder = 192.168.0.221
> >>
> >> [netlogon]
> >> path = /var/lib/samba/sysvol/konstrukce.local/scripts
> >> read only = No
> >>
> >> [sysvol]
> >> path = /var/lib/samba/sysvol
> >> read only = No
> >>
> >>
> >> krb5.conf
> >> ========
> >> [libdefaults]
> >> default_realm = KONSTRUKCE.LOCAL
> >> dns_lookup_realm = false
> >> dns_lookup_kdc = true
> >>
> >> resolv.conf
> >> =========
> >> search konstrukce.local
> >> nameserver 127.0.0.1
> >>
> >> nsswitch.conf
> >> ===========
> >> passwd: files winbind
> >> shadow: files
> >> group: files winbind
> >>
> >> hosts: files dns myhostname
> >>
> >> bootparams: nisplus [NOTFOUND=return] files
> >>
> >> ethers: files
> >> netmasks: files
> >> networks: files
> >> protocols: files
> >> rpc: files
> >> services: files
> >> netgroup: nisplus
> >> publickey: nisplus
> >> automount: files nisplus
> >> aliases: files nisplus
> >>
> >>
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list