[Samba] Clients unable to get group policy...

L.P.H. van Belle belle at bazuin.nl
Fri Jun 5 00:44:38 MDT 2015


>What about getent and id not working on the DC? I cannot find any
>information relevant to my situation with them online.

OK, try the following.

chown -R root:root /samba/var/locks/sysvol
chmod -R 755 /samba/var/locks/sysvol

kinit Administrator
samba-tool ntacl sysvolreset
kdestroy 

The id/getent issue:
install libnss-winbind

and check your server again.
Read:
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
from: Make domain users/groups available locally through Winbind


Greetz, 

Louis


>-----Original message-----
>From: ryana at reachtechfp.com
>[mailto:samba-bounces at lists.samba.org] On behalf of Ryan Ashley
>Sent: Thursday 4 June 2015 18:42
>To: samba at lists.samba.org
>Subject: Re: [Samba] Clients unable to get group policy...
>
>I tried resetting dozens of times, neither works. I do remember a
>permissions issue from ages back, where the Unix permissions had to be
>777 on a share and then the ACL stuff worked. Do I need to set the
>sysvol to 777?
>
>What about getent and id not working on the DC? I cannot find any
>information relevant to my situation with them online.
>
>On 06/04/2015 08:46 AM, James wrote:
>> On 6/3/2015 11:43 AM, Ryan Ashley wrote:
>>> James, I cloned it using git. I installed it to a private partition
>>> (/samba) back when I was first testing Samba4. It is in the path and
>>> this worked for ages, but recently just stopped. No errors, no warnings,
>>> nothing. Just dead.
>>>
>>> The GP in question is the default domain policy. I already tried
>>> unlinking it and it fails on the next one. I only have two GPOs, so it
>>> cannot "read" either one. I also noted that, during one of my angry
>>> moments, I just kept spamming "gpupdate" in a DOS box on the workstation
>>> and suddenly it worked once, then went back to erroring out. Spamming it
>>> has not fixed it since. I even wrote a small batch script which looped
>>> until gpupdate returned success. It went into an endless loop which
>>> lasted about 20hrs before I stopped it.
>>>
>>> As for the sysvol location, it is in "/samba/var/locks/sysvol", which
>>> worked for a few years, and has just stopped. Permissions appear to be
>>> correct.
>>>
>>> On 05/29/2015 11:24 AM, James wrote:
>>>> On 5/29/2015 10:40 AM, Ryan Ashley wrote:
>>>>> Thank you, Louis. This has not corrected the getent and id issue, however.
>>>>>
>>>>> On 05/29/2015 10:13 AM, L.P.H. van Belle wrote:
>>>>>
>>>> Ryan,
>>>>
>>>>     Is it a specific GP that can't be read? Can you remove all links to
>>>> one workstation and leave just the default domain GP and test? Did you
>>>> install samba from tar and provide the location for sysvol in the build?
>>>>
>> Ryan,
>>
>>     It definitely sounds like a permission problem. I can only think of
>> one other thing. Try
>>
>> samba-tool ntacl sysvolreset --use-ntvfs
>>
>> See if gpupdate works. If it works try
>>
>> samba-tool ntacl sysvolreset --use-s3fs
>>
>> Are you using a central store for group policy? I'm not sure what else
>> to try.
>>
>
>-- 
>Lead IT/IS Specialist
>Reach Technology FP, Inc
>
>
>
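
Added example, not part of the original thread or of Samba: a shell function that checks whether the chown/chmod baseline from the reply above (root:root, mode 755, nothing world-writable as a blanket 777 would leave it) was applied to the whole sysvol tree. It is meant to be run after the chmod step and before `samba-tool ntacl sysvolreset`. The function name and its owner/group arguments are assumptions of this example; the default path is the one used in the thread.

```shell
#!/bin/sh
# Added example: verify the POSIX baseline that
#   chown -R root:root <sysvol>   and   chmod -R 755 <sysvol>
# leave behind, before samba-tool rewrites the NT ACLs.
# audit_sysvol and its owner/group arguments are hypothetical (this example's
# own), so the check can also be pointed at a test copy of the tree.

audit_sysvol() {
    dir=${1:-/samba/var/locks/sysvol}
    owner=${2:-root}
    group=${3:-root}

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Symlinks are skipped: their own mode bits are not meaningful.
    findings=$(
        # Writable by other: the state a blanket 777 would introduce.
        find "$dir" ! -type l -perm -0002 -exec echo "world-writable:" {} \;
        # Entries the recursive chmod 755 did not reach.
        find "$dir" ! -type l ! -perm 0755 -exec echo "mode-not-755:" {} \;
        # Entries the recursive chown did not reach.
        find "$dir" ! -type l \( ! -user "$owner" -o ! -group "$group" \) \
            -exec echo "wrong-owner:" {} \;
    )

    # Exit status: 0 = baseline holds, 1 = findings printed, 2 = bad path.
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Source the file and call `audit_sysvol` with no arguments to check the path from the thread. This only covers the POSIX owner and mode bits; the NT ACLs that sysvolreset writes are a separate layer, which `samba-tool ntacl sysvolcheck` verifies.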


