[Samba] Clients unable to get group policy...
Ryan Ashley
ryana at reachtechfp.com
Wed May 20 11:13:46 MDT 2015
I have been fighting a strange issue with Samba for over a year now, and
I am at my wits end. For some reason, clients are unable to get group
policy settings from the servers. It honestly appears to be the Windows
7 systems just deciding they don't want to, but they're not terminators.
The systems can ping both Samba servers and can even map the sysvol
shares to a drive and navigate them. However, when using "gpupdate", it
errors every time claiming that it could not read gpt.ini from the
location. DNS is correct and verified. I can ping the server and the
address is correct. I can map the sysvol share and anything below it and
read all files both as a normal user and as a domain admin. The servers
can ping the workstations both by IP and hostname, heck even FQDN works.
I have disabled the firewall on the problem systems completely and still
no go. Oh and the servers can resolve domain users and groups. Using
wbinfo shows them all.
With that said, I can only think of two possibilities and I have no clue
how to check them. The first one is that when I map the sysvol share or
anything in it, I have no "Security" tab. It is like there are no
permissions on it. However, I have run "samba-tool ntacl sysvolreset"
and "samba-tool ntacl sysvolcheck" dozens of times and both report no
errors.
The second one I just now thought about. The system in question today is
a fresh install of 7 Pro 64bit using the company volume license. Nothing
is installed. We install Windows, do updates, do drivers, and that is
it. The software is pushed via GPO and/or startup script on the domain.
Therefore, the system is clean. It had to be redone due to a virus. We
zeroed the disk using dd and a live CD, so this truly is a CLEAN install.
Now, the only thing that may be an issue with this system, is that I am
not sure the machine account was removed from the domain after unjoining
it before we took it to wipe and redo it. If the old machine account is
there, what should I do? Can I tell it to get fresh info from the
workstation in some way?
--
Lead IT/IS Specialist
Reach Technology FP, Inc
More information about the samba
mailing list