[Samba] Gpo issue

L.P.H. van Belle belle at bazuin.nl
Thu Feb 18 15:19:49 UTC 2016 

Hai Sam. 

 

Ah, but that is not error.   ;-) 

Thas a design flaw or missing some knowledge. 

 

So. .. . ;-) have read.  

 

Some good references i also use. 

 

Basic needs to understand: 

Group Policy Basics ? Part 1: Understanding the Structure of a GPO

https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/13/group-policy-basics-part-1-understanding-the-structure-of-a-group-policy-object/ 

 

Group Policy Basics ? Part 2: Understanding Which GPOs to Apply

https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/15/group-policy-basics-part-2-understanding-which-gpos-to-apply/ 

 

 

for a quick start to fix your problem. 

http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part1.html

 

http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part2.html

 

http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part3.html 

 

and yes, its worth the read. 

I had some flaws also, and after reading all above i've fixed my flaws. 

 

There is no direct fix to explain because no network is the same. 

 

I'll think you manage it. 

 

 

 

Greetz, 

 

Louis

 

 

 

> -----Oorspronkelijk bericht-----

> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sam

> Verzonden: donderdag 18 februari 2016 16:08

> Aan: samba at lists.samba.org

> Onderwerp: Re: [Samba] Gpo issue

> 

> Hi Louis! :)

> 

> I just see something strange...

> Until now, I linked my GPO on the OU=Computers and it was not working...

> But If I link my GPO on the whole domain it's working... ( but the gpo

> applies to all... )

> 

> 

> Le 18/02/2016 15:29, L.P.H. van Belle a écrit :

> > Hai Sam,

> >

> > Try the following,

> >

> > 1 ) ignore these messages :

> >> If I create a new GPO The "samba-tool ntacl sysvolcheck" command return

> > this error :

> >> root at S4:~# samba-tool ntacl sysvolcheck

> >> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception

> -

> >> .....

> >

> > 2) add this line to you sysvol share

> >          acl_xattr:ignore system acls = yes

> >

> >   No other os then windows uses this share normaly so its safe to

> >   Ignore the systems rights.

> It was already done with your script ;)

> >

> > 3) and check from within windows the sysvol share rights and the sysvol

> folder rights.

> I have 4 groups with at least read/execute access right ( authentified

> users, system, administrators, server operators )

> >

> > DO NOT CHANGE ANYTHING.

> >

> > Now it works..   ;-)

> >

> > If not

> >

> > 4) give group "Domain Users" a GID

> I'm not sure to well understand, could you explain?

> 

> >

> >

> > Test again,

> > Now it works.

> >

> > If not...

> > Pff, mail us again.  ;-) something else is wrong.

> >

> >

> > Greetz,

> >

> > Louis

> >

> >

> >

> Many thanks!

> See you.

> 

> Sam

> 

> --

> To unsubscribe from this list go to the following URL and read the

> instructions:  https://lists.samba.org/mailman/options/samba

 

More information about the samba mailing list