[Samba] Permission Issues with GPO

Viktor Trojanovic viktor at troja.ch
Tue Nov 17 03:04:20 UTC 2015

I was experiencing problems with Group Policy Objects. The Windows Event 
Viewer spits out so many different errors, most of them less than 
helpful, so Iwas seeking help here with some of those messages.

In the end, and after many hours and even days of researching this 
problem, I seem to have pin-pointed the main issue to some simple 
permission irregularities that I don't know how to solve.

In my setup, I have an AD DC and a member server, the latter in the 
function of a file server. Both are a Samba-only implementation based on 
version 4.3.1 of the server.

Everything seems to work well enough, I never noticed any issue when 
working in a user context - I can authenticate, and I can use the file 
server as intended. But evidently, any policies that require access to 
the file server in a machine context (computer configuration node of the 
GPO), fail. I was able to confirm that in multiple tests.

I'm at my wit's end as it seems to me that all the necessary share 
permissions and NTACLs are in place. I even followed the advice I could 
find on some forum pages to add the group "domain computers" to the 
share permissions but that didn't help either.

Any advice or best practices? I can't imagine this should be so 


More information about the samba mailing list