[Samba] Permission Issues with GPO
viktor at troja.ch
Tue Nov 17 03:04:20 UTC 2015
I was experiencing problems with Group Policy Objects. The Windows Event
Viewer spits out so many different errors, most of them less than
helpful, so Iwas seeking help here with some of those messages.
In the end, and after many hours and even days of researching this
problem, I seem to have pin-pointed the main issue to some simple
permission irregularities that I don't know how to solve.
In my setup, I have an AD DC and a member server, the latter in the
function of a file server. Both are a Samba-only implementation based on
version 4.3.1 of the server.
Everything seems to work well enough, I never noticed any issue when
working in a user context - I can authenticate, and I can use the file
server as intended. But evidently, any policies that require access to
the file server in a machine context (computer configuration node of the
GPO), fail. I was able to confirm that in multiple tests.
I'm at my wit's end as it seems to me that all the necessary share
permissions and NTACLs are in place. I even followed the advice I could
find on some forum pages to add the group "domain computers" to the
share permissions but that didn't help either.
Any advice or best practices? I can't imagine this should be so
More information about the samba