[Samba] gpo failure
L.P.H. van Belle
belle at bazuin.nl
Wed Oct 7 13:12:32 UTC 2015
Hai Mourik Jan,
Here are some commands you can try
On a "good" server, run :
Getfacl -R /var/lib/samba/sysvol > sysvol.permissions-GOOD.acl
On the bad server do the same
Getfacl -R /var/lib/samba/sysvol > sysvol.permissions-BAD.acl
Diff them and see whats the difference.
And when sure its needed apply the "good" acl on the bad server.
But make sure your sysvol folders and files are the same (synced)
And restore command for the "bad" server.
setfacl --restore= sysvol.permissions-GOOD.acl
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens mourik jan c
> heupink
> Verzonden: woensdag 7 oktober 2015 14:53
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] gpo failure
>
> Hi all,
>
> > From personal experience yes. Create a backup however in case things go
> > wrong.
>
> I did the idmap.ldb swap, but unfortunately I still get access denied on
> DC3.
>
> smb.conf on dc3 is just like dc2/dc4, sysvol/netlogon shares defined
> exactly the same on all DCs:
>
> > [global]
> > workgroup = WRKGROUP
> > realm = samba.company.com
> > netbios name = DC3
> > server role = active directory domain controller
> >
> > dns forwarder = 192.x.y.1
> > allow dns updates = nonsecure
> >
> > log level = 3
> > log file = /var/log/samba/samba.%U.%m.%I.log
> >
> > idmap_ldb:use rfc2307 = yes
> >
> >
> > [netlogon]
> > path = /var/lib/samba/sysvol/samba.company.com/scripts
> > read only = No
> >
> > [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
>
> I am not sure what to check or do next..?
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list