[Samba] samba 4.1.13 not applying domain policy in windows XP clients

Tue Jun 16 01:31:51 MDT 2015

samba-tool ntactl sysvolreset wil reset the rights on your sysvol. 
Thats the first your should try since it looks like an rights problem. 

Greetz, 

Louis

>-----Oorspronkelijk bericht-----
>Van: rllanes at scvc.artex.cu 
>[mailto:samba-bounces at lists.samba.org] Namens Rene Llanes
>Verzonden: vrijdag 12 juni 2015 17:20
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] samba 4.1.13 not applying domain policy in 
>windows XP clients
>
>Hello,
>
>i configured group policy via RSAT in my samba 4.1.13 
>implementation the 
>policy applies correctly to my windows 7 clients but not to my windows 
>XP clients.
>
>when i run gpupdate /force in windows XP it replies that the policies 
>are apply correctly .... when i run
>
>./samba-tool ntacl sysvolcheck
>ERROR(<class 'samba.provision.ProvisioningError'>): uncaught 
>exception - 
>ProvisioningError: DB ACL on GPO directory 
>/usr/local/samba/var/locks/sysvol/XX.XXXX.XXX/Policies/{6AC1786
>C-016F-11D2-945F-00C04FB984F9} 
>O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A
>;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f0
>1ff;;;SY)(A;OICI;0x001200a9;;;ED) 
>does not match expected value 
>O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A
>;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f0
>1ff;;;SY)(A;OICI;0x001200a9;;;ED) 
>from GPO object
>   File 
>"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__in
>it__.py", 
>line 175, in _run
>     return self.run(*args, **kwargs)
>   File 
>"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", 
>line 249, in run
>     lp)
>   File 
>"/usr/local/samba/lib/python2.7/site-packages/samba/provision/_
>_init__.py", 
>line 1726, in checksysvolacl
>     direct_db_access)
>   File 
>"/usr/local/samba/lib/python2.7/site-packages/samba/provision/_
>_init__.py", 
>line 1677, in check_gpos_acl
>     domainsid, direct_db_access)
>   File 
>"/usr/local/samba/lib/python2.7/site-packages/samba/provision/_
>_init__.py", 
>line 1624, in check_dir_acl
>     raise ProvisioningError('%s ACL on GPO directory %s %s does not 
>match expected value %s from GPO object' % 
>(acl_type(direct_db_access), 
>path, fsacl_sddl, acl))
>root at pdc:/usr/local/samba/bin#
>root at pdc:/usr/local/samba/bin# gpupdate /force
>bash: gpupdate: command not found
>^C                     ba/bin#
>root at pdc:/usr/local/samba/bin# ^C
>root at pdc:/usr/local/samba/bin# ./samba-tool gpo aclcheck
>ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No 
>such element'
>   File 
>"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__in
>it__.py", 
>line 175, in _run
>     return self.run(*args, **kwargs)
>   File 
>"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/gpo.
>py", line 
>1150, in run
>     ds_sd_ndr = m['nTSecurityDescriptor'][0]
>
>
>my question are ... are this errors related with my initial 
>issue ...can 
>i fix it with samba-tool ntactl sysvolreset??? ... what exactly this 
>command does ...
>
>thanx in advance
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>