[Samba] GPOs don't work after update from Samba4.0 alpha 17 to 4.0.1
Julian Timm
X-Dimension at gmx.net
Sun Feb 17 06:21:14 MST 2013
I have checked the ACL of the Sysvol share:
1. After the upgrade from alpha 17 to 4.0.1 the ACL looks like this:
# file: var/lib/samba/var/locks/sysvol/
# owner: root
# group: adm
user::rwx
group::r-x
other::r-x
2. After a 'samba-tool ntacl sysvolreset' the ACL looks like this:
# owner: root
# group: adm
user::rwx
user:root:rwx
group::rwx
group:adm:rwx
group:3000006:r-x
group:3000147:r-x
group:3000148:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:adm:rwx
default:group:3000006:r-x
default:group:3000147:r-x
default:group:3000148:rwx
default:mask::rwx
default:other::---
Are the ACLs correct and if yes, why GPOs don't work even when i remove the WMI-Filter?
Thanks for help.
Gesendet: Sonntag, 27. Januar 2013 um 15:57 Uhr
Von: X-Dimension at gmx.net
An: DBGTMaster at gmx.at, samba at lists.samba.org
Betreff: Re: [Samba] GPOs don't work after update from Samba4.0 alpha 17 to 4.0.1
Yes, i have used wmi filters before to set some GPOs for our Windows XP clients and some for Windows 7 clients only.
I have removed the wmi filters from Microsofts Group Policy tool, but it seems to have no effect, i still get the same errors.
-------- Original-Nachricht --------
> Datum: Sun, 27 Jan 2013 15:37:41 +0100
> Von: "Thomas Manninger" <DBGTMaster at gmx.at>
> An: samba at lists.samba.org
> Betreff: Re: [Samba] GPOs don\'t work after update from Samba4.0 alpha 17 to 4.0.1
> Do you used wmi filters for your gpos?
>
> -------- Original-Nachricht --------
> > Datum: Sun, 27 Jan 2013 13:25:22 +0100
> > Von: X-Dimension at gmx.net
> > An: samba at lists.samba.org
> > Betreff: [Samba] GPOs don\'t work after update from Samba4.0 alpha 17 to
> 4.0.1
>
> > Hi!
> >
> > I have updated our server from Samba 4 alpha 17 to Samba 4.0.1.
> > Everything seems to work fine after some reconfiguration, but our
> > GPOs are not working anymore.
> >
> > Samba 4 alpha 17 was using ntvfs and the root partition with the sysvol
> > share was mounted with "user_xattr" only in /etc/fstab.
> > Samba 4.0.1 is now set to use s3fs and the root partition is mouted with
> > "user_xattr,acl,barrier=1".
> >
> > After updating to the newer Samba release i run "samba-tool ntacl
> > sysvolreset" like it was described in the release notes.
> >
> > Gpresult /H shows me that only the Default Domain Policy is loaded, but
> > not all the policies in the OU.
> >
> > Gpupdate /force shows this error on a client:
> >
> > ---
> > Die Richtlinie wird aktualisiert...
> >
> > Die Aktualisierung der Benutzerrichtlinie wurde erfolgreich
> abgeschlossen.
> > Die Computerrichtlinie konnte nicht erfolgreich aktualisiert werden.
> > Folgende Probleme sind aufgetreten:
> >
> > Fehler bei der Verarbeitung der Gruppenrichtlinie. Der WMI-Filter
> (Windows
> > Management Instrumentation) für das Gruppenrichtlinienobjekt
> >
> "cn={97E400EB-EDFD-4024-A9D5-1BB8261ABE01},cn=policies,cn=system,DC=mynetwork,DC=lan"
> > konnte nicht ausgewertet werden. Dies kann darauf zurückzuführen sein,
> > dass RSoP deaktiviert ist, oder dass der WMI-Dienst deaktiviert oder
> > angehalten wurde, bzw. andere WMI-Fehler aufgetreten sind. Stellen Sie
> sicher, dass
> > der WMI-Dienst gestartet ist und dass der Starttyp auf automatischen
> Start
> > festgelegt ist. Neue Gruppenrichtlinienobjekte oder -einstellungen
> werden
> > nicht verarbeitet, bis dieses Ereignis behoben wurde.
> > ---
> > Google Translate:
> >
> > The policy is updated ...
> >
> > Updating the user policy has been successfully completed.The computer
> > policy could not be updated successfully. The following problems:
> >
> > Error processing of Group Policy. The WMI filter (Windows Management
> > Instrumentation) for the GPO "cn =
> {97E400EB-4024-A9D5-EDFD-1BB8261ABE01}, cn =
> > policies, cn = System, DC = mynetwork, DC = lan" could not be evaluated.
> > This may be due to the fact that RSOP is disabled, or that the WMI
> service is
> > disabled or stopped, or other WMI errors. Make sure that the WMI service
> > is started and that the startup type is set to start automatically. New
> > Group Policy objects or settings will not be processed until this event
> is
> > resolved.
> > ---
> >
> > How can i get my GPOs to work again?
> >
> > Thanks for help!
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba[https://lists.samba.org/mailman/options/samba]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba[https://lists.samba.org/mailman/options/samba]
More information about the samba
mailing list