[Samba] gpo failure

[L.P.H. van Belle]

Hai Mourik Jan, 


Here are some commands you can try  


On a "good"  server, run : 
Getfacl -R /var/lib/samba/sysvol  > sysvol.permissions-GOOD.acl

On the bad server do the same
Getfacl -R /var/lib/samba/sysvol  > sysvol.permissions-BAD.acl
Diff them and see whats the difference. 

And when sure its needed apply the "good" acl on the bad server. 
But make sure your sysvol folders and files are the same (synced) 

And restore command for the "bad" server. 
setfacl --restore= sysvol.permissions-GOOD.acl


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens mourik jan c
> heupink
> Verzonden: woensdag 7 oktober 2015 14:53
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] gpo failure
> 
> Hi all,
> 
> >  From personal experience yes. Create a backup however in case things go
> > wrong.
> 
> I did the idmap.ldb swap, but unfortunately I still get access denied on
> DC3.
> 
> smb.conf on dc3 is just like dc2/dc4, sysvol/netlogon shares defined
> exactly the same on all DCs:
> 
> > [global]
> >         workgroup = WRKGROUP
> >         realm = samba.company.com
> >         netbios name = DC3
> >         server role = active directory domain controller
> >
> >         dns forwarder = 192.x.y.1
> >         allow dns updates = nonsecure
> >
> >         log level = 3
> >         log file = /var/log/samba/samba.%U.%m.%I.log
> >
> >         idmap_ldb:use rfc2307 = yes
> >
> >
> > [netlogon]
> >         path = /var/lib/samba/sysvol/samba.company.com/scripts
> >         read only = No
> >
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> 
> I am not sure what to check or do next..?
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba