[Samba] Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies
p1 at originsystems.co.za
Sun Jan 15 20:52:03 UTC 2017
100% ! I hadn't set up the libnss_winbind links.
I have now done this using:
# ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/
# ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so
When I test as follows all looks good:
root at dc1:~ # wbinfo --ping-dc
checking the NETLOGON for domain[CT] dc connection to "dc1.ct.mydomain.com" succeeded
but for some reason I don’t understand "getent" still doesn't work when executed on the DC
root at dc1:~ # getent passwd richard.h
root at dc1:~ #
If I do the same on one of the domain members it works fine...
root at office1:~ # getent passwd richard.h
I'm pretty sure I'm doing the same pam / nsswitch setup on the DC as I did on the domain members (not sure whether relevant but the domain members are running standard CentOS 7 Samba 4.4.4 packages)
do you possibly have any idea why getent isn't working on the domain controller?
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: 15 January 2017 21:05
To: samba at lists.samba.org
Subject: Re: [Samba] Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies
On Sun, 15 Jan 2017 20:30:25 +0200
Richard via samba <samba at lists.samba.org> wrote:
> I remain baffled as to why richard.h cannot access the sysvol share.
> Permissions all seem ok from what I can see and I'm not sure why this
> should be any different from normal AD share behaviour (our other
> shares are working fine for domain users)
> I would really appreciate it if someone could let me know whether the
> sysvol has become corrupt in some way and I am wasting my time even
> trying to sort this out.
I have thought about this and notice that you gave 'Domain Admins' a gidNumber (which you have now removed), but 'getfacl' only showed the number not the group name. This makes me wonder if you have set up the libnss_winbind links etc. If you haven't, or don't know what I mean, see here:
To unsubscribe from this list go to the following URL and read the
More information about the samba