[Samba] Failure gpupdate
Ricardo Pardim Claus
ricardo.claus at yahoo.com.br
Wed Oct 5 15:20:44 UTC 2016
Yes, I performed tests on both DC's. 2 DC's working normally. The sysvolreset works in both DC's after I disabled full_audit. The gpupdate / force works perfectly.
And also through the RSAT, I do not get more permission error when I edit any GPO.
If this is a bug, who can inform / report?
What I find strange in DC's, is when I view the sysvol permissions. The DC2 appears the name of the domain / group or User. But DC1 appears only the UID of the object:
DC2:
# getfacl /usr/local/samba/var/locks/sysvol/
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol/
# owner: root
# group: BUILTIN\134administrators
user::rwx
user:root:rwx
group::r-x
group:root:r-x
group:DOMAIN\134domain\040admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:group::---
default:group:root:---
default:group:DOMAIN\134domain\040admins:rwx
default:mask::rwx
default:other::---
DC1:
# getfacl /usr/local/samba/var/locks/sysvol/
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol/
# owner: root
# group: 3000000
user::rwx
user:root:rwx
group::r-x
group:root:r-x
group:3000010:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:group::---
default:group:root:---
default:group:3000010:rwx
default:mask::rwx
default:other::---
> And you did test agains both DC's sysvol's ?
> If not, set preffered server in GPO and test agains all DC's
> If it keeps working you found a bug.
More information about the samba
mailing list