[Samba] Problems with GPO

lingpanda101 lingpanda101 at gmail.com
Thu Nov 3 14:25:00 UTC 2016 

On 11/3/2016 9:59 AM, Marcio Demetrio Bacci wrote:
> Thanks Lingpanda101
>
> Following the result of command:
>
> # file: Policies/{0F1E5B10-3640-4FFE-AA6B-5DE4CFF73625}
> # owner: 10060
> # group: 30028
> user::rwx
> user:10060:rwx
> user:3000002:rwx
> user:3000010:r-x
> group::rwx
> group:30028:rwx
> group:30032:r-x
> group:30033:rwx
> group:3000002:rwx
> group:3000010:r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:10060:rwx
> default:user:3000002:rwx
> default:user:3000010:r-x
> default:group::---
> default:group:30028:rwx
> default:group:30032:r-x
> default:group:30033:rwx
> default:group:3000002:rwx
> default:group:3000010:r-x
> default:mask::rwx
> default:other::---
>
>
>
> Regards,
>
> Márcio
>
> 2016-11-03 11:46 GMT-02:00 lingpanda101 via samba 
> <samba at lists.samba.org <mailto:samba at lists.samba.org>>:
>
>     On 11/2/2016 5:51 PM, Marcio Demetrio Bacci via samba wrote:
>
>         I'm having problems with GPO in Samba 4.2.1
>
>         I created a GPO to Block Control Panel and applied in my
>         Domain OU.
>
>         In desktop client I typed "gpupdate /force" and appear a
>         success message
>         that to ask reboot my system. After rebuot the GPO don't work.
>
>         Other GPOs as WSUS update, Wallpaper and others, don't work too.
>
>
>         Following is the result of command: GPRESULT /H GPResult.html
>
>         GPOs Applied
>         Name            Location Link    Revision
>         Default Domain Policy empresa.com.br <http://empresa.com.br> 
>           AD (1), Sysvol (65535)
>
>         GPOs Denied
>         Name                    Location Link Denial Reason
>         Local Group Policies             Location   EMPTY
>         {0F1E5B10-3640-4FFE-AA6B-5DE4CFF73625} empresa.com.br
>         <http://empresa.com.br>
>         Inacessible
>         {D65C5B66-A380-48AD-AC8A-DE417173E293}
>         empresa.comb.br/EMPRESA/SecInfor
>         <http://empresa.comb.br/EMPRESA/SecInfor>
>         Inacessible
>         Wallpaper empresa.comb.br/EMPRESA/SecInfor
>         <http://empresa.comb.br/EMPRESA/SecInfor>   Inacessible
>
>         How can I debug this problem ?
>
>         Regards,
>
>         Márcio
>
>
>     The denial reason Inaccessible usually refers to a permissions
>     problem. Verify your user and or computer the GPO applies to has
>     the correct permissions. Can you run 'getfacl
>     /Policies/{0F1E5B10-3640-4FFE-AA6B-5DE4CFF73625}' and post the
>     results?
>
>     -- 
>     - James
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>     <https://lists.samba.org/mailman/options/samba>
>
>
I see you have given some users and groups a UID. Can you tell me the 
results of

wbinfo --uid-info=10060
wbinfo --uid-info=30028
wbinfo --uid-info=30032
wbinfo --uid-info=10060
wbinfo --uid-info=30033

I don't see user:3000003 which I believe is Authenticated Users. Did you 
give this group a UID?



-- 
- James

More information about the samba mailing list