[Samba] Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies

Rowland Penny rpenny at samba.org
Thu Jan 12 20:01:21 UTC 2017


On Thu, 12 Jan 2017 21:47:00 +0200
Richard via samba <samba at lists.samba.org> wrote:

> Hi Rowland, 
> 
> I've done the below and retried to log on as a normal user, but sadly:
> 
> C:\> gpupdate /force     still returns
> 
> The processing of Group Policy failed. Windows attempted to read the
> file
> \\ct.mydomain.com\sysvol\ct.mydomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini
> from a domain controller and was not successful. Group Policy
> settings may not be applied until this event is resolved. This issue
> may be transient and could be caused by one or more of the following:
> a) Name Resolution/Network Connectivity to the current domain
> controller. b) File Replication Service Latency (a file created on
> another domain controller has not replicated to the current domain
> controller). c) The Distributed File System (DFS) client has been
> disabled.
> 
> Also a normal domain user still can't get a listing on sysvol
> 
> smbclient //localhost/sysvol -Urichard.h -c 'ls'
> Enter richard.h's password: 
> Domain=[CT] OS=[Windows 6.1] Server=[Samba 4.5.3]
> NT_STATUS_ACCESS_DENIED listing \*
> 
> but Administrator can fine:
> 
> smbclient //localhost/sysvol -UAdministrator -c 'ls'
> Enter Administrator's password: 
> Domain=[CT] OS=[Windows 6.1] Server=[Samba 4.5.3]
>   .                                   D        0  Thu Jan 12 20:58:10
> 2017 ..                                  D        0  Thu Jan 12
> 21:21:00 2017 ct.mydomain.com    D        0  Thu Feb 18 00:16:24 2016
> 
> 		244669724 blocks of size 1024. 235669456 blocks
> available
> 
> 
> Also, I've rerun getfacl and I see that GID 10013 still exists for
> both group and other, even though I have removed it from "domain
> admins"

Did you run 'net cache flush'

Rowland



More information about the samba mailing list