[Samba] Failure gpupdate

lingpanda101 at gmail.com lingpanda101 at gmail.com
Wed Oct 5 15:46:24 UTC 2016


On 10/5/2016 11:20 AM, Ricardo Pardim Claus via samba wrote:
> Yes, I performed tests on both DC's. 2 DC's working normally. The sysvolreset works in both DC's after I disabled full_audit. The gpupdate / force works perfectly.
> And also through the RSAT, I do not get more permission error when I edit any GPO.
>
> If this is a bug, who can inform / report?
>
> What I find strange in DC's, is when I view the sysvol permissions. The DC2 appears the name of the domain / group or User. But DC1 appears only the UID of the object:
>
> DC2:
> # getfacl /usr/local/samba/var/locks/sysvol/
> getfacl: Removing leading '/' from absolute path names
> # file: usr/local/samba/var/locks/sysvol/
> # owner: root
> # group: BUILTIN\134administrators
> user::rwx
> user:root:rwx
> group::r-x
> group:root:r-x
> group:DOMAIN\134domain\040admins:rwx
> mask::rwx
> other::r-x
> default:user::rwx
> default:user:root:rwx
> default:group::---
> default:group:root:---
> default:group:DOMAIN\134domain\040admins:rwx
> default:mask::rwx
> default:other::---
>
>
> DC1:
>
> # getfacl /usr/local/samba/var/locks/sysvol/
> getfacl: Removing leading '/' from absolute path names
> # file: usr/local/samba/var/locks/sysvol/
> # owner: root
> # group: 3000000
> user::rwx
> user:root:rwx
> group::r-x
> group:root:r-x
> group:3000010:rwx
> mask::rwx
> other::r-x
> default:user::rwx
> default:user:root:rwx
> default:group::---
> default:group:root:---
> default:group:3000010:rwx
> default:mask::rwx
> default:other::---
>
>
>
>
>
>> And you did test agains both DC's sysvol's ?
>> If not, set preffered server in GPO and test agains all DC's
>> If it keeps working you found a bug.

Did you specify winbind in /etc/nsswitch.conf on DC2?

passwd: files winbind

group: files winbind

-- 
-James




More information about the samba mailing list