[Samba] Problems with GPO
lingpanda101
lingpanda101 at gmail.com
Thu Nov 3 14:25:00 UTC 2016
On 11/3/2016 9:59 AM, Marcio Demetrio Bacci wrote:
> Thanks Lingpanda101
>
> Following the result of command:
>
> # file: Policies/{0F1E5B10-3640-4FFE-AA6B-5DE4CFF73625}
> # owner: 10060
> # group: 30028
> user::rwx
> user:10060:rwx
> user:3000002:rwx
> user:3000010:r-x
> group::rwx
> group:30028:rwx
> group:30032:r-x
> group:30033:rwx
> group:3000002:rwx
> group:3000010:r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:10060:rwx
> default:user:3000002:rwx
> default:user:3000010:r-x
> default:group::---
> default:group:30028:rwx
> default:group:30032:r-x
> default:group:30033:rwx
> default:group:3000002:rwx
> default:group:3000010:r-x
> default:mask::rwx
> default:other::---
>
>
>
> Regards,
>
> Márcio
>
> 2016-11-03 11:46 GMT-02:00 lingpanda101 via samba
> <samba at lists.samba.org <mailto:samba at lists.samba.org>>:
>
> On 11/2/2016 5:51 PM, Marcio Demetrio Bacci via samba wrote:
>
> I'm having problems with GPO in Samba 4.2.1
>
> I created a GPO to Block Control Panel and applied in my
> Domain OU.
>
> In desktop client I typed "gpupdate /force" and appear a
> success message
> that to ask reboot my system. After rebuot the GPO don't work.
>
> Other GPOs as WSUS update, Wallpaper and others, don't work too.
>
>
> Following is the result of command: GPRESULT /H GPResult.html
>
> GPOs Applied
> Name Location Link Revision
> Default Domain Policy empresa.com.br <http://empresa.com.br>
> AD (1), Sysvol (65535)
>
> GPOs Denied
> Name Location Link Denial Reason
> Local Group Policies Location EMPTY
> {0F1E5B10-3640-4FFE-AA6B-5DE4CFF73625} empresa.com.br
> <http://empresa.com.br>
> Inacessible
> {D65C5B66-A380-48AD-AC8A-DE417173E293}
> empresa.comb.br/EMPRESA/SecInfor
> <http://empresa.comb.br/EMPRESA/SecInfor>
> Inacessible
> Wallpaper empresa.comb.br/EMPRESA/SecInfor
> <http://empresa.comb.br/EMPRESA/SecInfor> Inacessible
>
> How can I debug this problem ?
>
> Regards,
>
> Márcio
>
>
> The denial reason Inaccessible usually refers to a permissions
> problem. Verify your user and or computer the GPO applies to has
> the correct permissions. Can you run 'getfacl
> /Policies/{0F1E5B10-3640-4FFE-AA6B-5DE4CFF73625}' and post the
> results?
>
> --
> - James
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
> <https://lists.samba.org/mailman/options/samba>
>
>
I see you have given some users and groups a UID. Can you tell me the
results of
wbinfo --uid-info=10060
wbinfo --uid-info=30028
wbinfo --uid-info=30032
wbinfo --uid-info=10060
wbinfo --uid-info=30033
I don't see user:3000003 which I believe is Authenticated Users. Did you
give this group a UID?
--
- James
More information about the samba
mailing list