[Samba] Clients unable to get group policy...

Ryan Ashley ryana at reachtechfp.com
Thu Jun 4 10:42:02 MDT 2015


I tried resetting dozens of times, neither works. I do remember a
permissions issue from ages back, where the Unix permissions had to be
777 on a share and then the ACL stuff worked. Do I need to set the
sysvol to 777?

What about getent and id not working on the DC? I cannot find any
information relevant to my situation with them online.

On 06/04/2015 08:46 AM, James wrote:
> On 6/3/2015 11:43 AM, Ryan Ashley wrote:
>> James, I cloned it using git. I installed it to a private partition
>> (/samba) back when I was first testing Samba4. It is in the path and
>> this worked for ages, but recently just stopped. No errors, no warnings,
>> nothing. Just dead.
>>
>> The GP in question is the default domain policy. I already tried
>> unlinking it and it fails on the next one. I only have two GPOs, so it
>> cannot "read" either one. I also noted that, during one of my angry
>> moments, I just kept spamming "gpupdate" in a DOS box on the workstation
>> and suddenly it worked once, then went back to erroring out. Spamming it
>> has not fixed it since. I even wrote a small batch script which looped
>> until gpupdate returned success. It went into an endless loop which
>> lasted about 20hrs before I stopped it.
>>
>> As for the sysvol location, it is in "/samba/var/locks/sysvol", which
>> worked for a few years, and has just stopped. Permissions appear to be
>> correct.
>>
>> On 05/29/2015 11:24 AM, James wrote:
>>> On 5/29/2015 10:40 AM, Ryan Ashley wrote:
>>>> Thank you, Louis. This has not corrected the getent and id issue, however.
>>>>
>>>> On 05/29/2015 10:13 AM, L.P.H. van Belle wrote:
>>>>
>>> Ryan,
>>>
>>>     Is it a specific GP that can't be read? Can you remove all links to
>>> one workstation and leave just the default domain GP and test? Did you
>>> install samba from tar and provide the location for sysvol in the build?
>>>
> Ryan,
>
>     It definitely sounds like a permission problem. I can only think of
> one other thing. Try
>
> samba-tool ntacl sysvolreset --use-ntvfs
>
> See if gpupdate works. If it works try
>
> samba-tool ntacl sysvolreset --use-s3fs
>
> Are you using a central store for group policy? I'm not sure what else
> to try.
>

-- 
Lead IT/IS Specialist
Reach Technology FP, Inc



More information about the samba mailing list