[Samba] Samba4 DC GPOs Missing and Errors

[Thomas Maerz]

I’m running sernet-samba-ad packages on CentOS 6.5. Three replicating domain controllers, 350 users. All is going well so far performance and stability-wise. I’ve begun joining some workstations and servers to the domain, and now it’s time to restrict login for the servers so that SysAdmins and IT managers can only get into the servers etc.

Unfortunately, the M$ way to do this is with a GPO placed on the OU of the servers. This would be fine, except the GPO I need to apply (Computer Configuration > Policies > Windows Settings > Security Settings > Local Polices > User Rights Assignment) doesn’t exist. Has anyone else run into this? I have RSAT installed on a Windows Server 2008 R2 Member server and on a Windows 7 client machine which is working great for managing users and groups, but when I try to move down the GPO tree, after Security Settings, the Local Policies part doesn’t exist no matter what I try.

Another thing I’ve noticed is that some GPOs I browse to in there give me errors like this one: “Error (0x80070490) occurred parsing file. Element not Found.” when I click on certain GPOs, sometimes more than once, like it is trying to display several GPOs in a folder and they aren’t there. Another thing I noticed is that when I try to run the RSOP (Resultant set of Policy) tools from the Active Directory Users and Groups context menus on an AD object it crashes the MMC console on both a Windows 7 Client machine and a Server 2008 R2 member server.

Any ideas? I’ve searched through the samba mailing list archives and I can’t seem to match these symptoms at all.

Thanks,
Thomas Maerz