[Samba] Clients unable to get group policy...

Rowland Penny rowlandpenny at googlemail.com
Wed May 20 13:01:25 MDT 2015


On 20/05/15 18:13, Ryan Ashley wrote:
> I have been fighting a strange issue with Samba for over a year now, and
> I am at my wits' end. For some reason, clients are unable to get group
> policy settings from the servers. It honestly appears to be the Windows
> 7 systems just deciding they don't want to, but they're not terminators.
> The systems can ping both Samba servers and can even map the sysvol
> shares to a drive and navigate them. However, when using "gpupdate", it
> errors every time claiming that it could not read gpt.ini from the
> location. DNS is correct and verified. I can ping the server and the
> address is correct. I can map the sysvol share and anything below it and
> read all files both as a normal user and as a domain admin. The servers
> can ping the workstations both by IP and hostname, heck even FQDN works.
> I have disabled the firewall on the problem systems completely and still
> no go. Oh and the servers can resolve domain users and groups. Using
> wbinfo shows them all.

Yes, but what about getent or id?

Rowland

>
> With that said, I can only think of two possibilities and I have no clue
> how to check them. The first one is that when I map the sysvol share or
> anything in it, I have no "Security" tab. It is like there are no
> permissions on it. However, I have run "samba-tool ntacl sysvolreset"
> and "samba-tool ntacl sysvolcheck" dozens of times and both report no
> errors.
>
> The second one I just now thought about. The system in question today is
> a fresh install of 7 Pro 64bit using the company volume license. Nothing
> is installed. We install Windows, do updates, do drivers, and that is
> it. The software is pushed via GPO and/or startup script on the domain.
> Therefore, the system is clean. It had to be redone due to a virus. We
> zeroed the disk using dd and a live CD, so this truly is a CLEAN install.
>
> Now, the only thing that may be an issue with this system is that I am
> not sure the machine account was removed from the domain after unjoining
> it before we took it to wipe and redo it. If the old machine account is
> there, what should I do? Can I tell it to get fresh info from the
> workstation in some way?
>


