[Samba] Gpo issue

Sam sr42354 at gmail.com
Wed Feb 17 12:42:53 UTC 2016 

Hi everybody!

I have two samba AD server (  4.2.7-SerNet-Debian-8.wheezy ). I try to 
make gpo working but I'm facing some problems...

My Samba4 comes from an old windows AD so I have launch these command :

samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
samba-tool ntacl sysvolreset ( that take about 10 minutes to complete )
samba-tool dbcheck --cross-ncs --fix

But the following errors still stay on both servers...

root at S4bis:~# samba-tool dbcheck --cross-ncs --reset-well-known-acls
Checking 7747 objects
ERROR: missing GUID component for ipsecOwnersReference in object 
CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP 
Security,CN=System,DC=ariane,DC=intra - 
CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP 
Security,CN=System,CN=System,DC=ariane,DC=intra
unable to find object for DN 
CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP 
Security,CN=System,CN=System,DC=ariane,DC=intra - (No such Base DN: 
CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP 
Security,CN=System,CN=System,DC=ariane,DC=intra)
Not removing dangling forward link
Please use --fix to fix these errors
Checked 7747 objects (1 errors)

root at S4bis:~# samba-tool dbcheck --cross-ncs
Checking 7747 objects
ERROR: missing GUID component for ipsecOwnersReference in object 
CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP 
Security,CN=System,DC=ariane,DC=intra - 
CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP 
Security,CN=System,CN=System,DC=ariane,DC=intra
unable to find object for DN 
CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP 
Security,CN=System,CN=System,DC=ariane,DC=intra - (No such Base DN: 
CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP 
Security,CN=System,CN=System,DC=ariane,DC=intra)
Not removing dangling forward link
Please use --fix to fix these errors
Checked 7747 objects (1 errors)

At the beginning a "samba-tool ntacl sysvolreset" command did it works 
but not for a long time, the only thing I do after was playing with the 
RSAT policy tool... then I thinked that was an rsync issue, but now my 
sysvol replication work well...
Maybe a stupid question but is there a way to recreate sysvol folders 
and files?

Thanks for your help!

Sam

More information about the samba mailing list