[Samba] Can't create/update Group Policy in Samba 4.6.5
L.P.H. van Belle
belle at bazuin.nl
Wed Jul 5 06:07:41 UTC 2017
Sorry, my error, you need an "empty domain" directory in sysvol then reset.
Then copy the rights, re-apply them .. Etc.
And good point Rowland.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland Penny via samba
> Verzonden: dinsdag 4 juli 2017 21:51
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Can't create/update Group Policy in Samba 4.6.5
>
> On Tue, 4 Jul 2017 16:04:20 -0300
> Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:
>
> > Hi Louis
> >
> >
> > I have moved "empresa.com.br" folder to /root. After I run
> samba-tool
> > ntacl sysvolreset, but some errors appear:
>
> Please put it back.
>
> Also which DC is this on, your first DC or the second one ?
> and if it is the second one, have you followed the wiki page
> I pointed you to, on your other post ?
>
> Or to put it another way, do both of your DCs sysvol directories (and
> sub-directories) match and have you synced idmap.ldb from the
> first DC to the second DC.
>
> I know what Louis told you to do, but you should only give
> 'Domain Users' a gidNumber attribute, you can also give
> 'Domain Admins' a gidNumber, but I personally think it is
> better to create a group called 'Unix Admins', make this
> group a member of 'Domain Admins' and then give this new
> group a gidNumber. Now use this group when setting
> permissions from Windows. My reasoning behind this: 'Domain Admins'
> needs to own policies in sysvol, it cannot do this if it has
> a gidNumber attribute.
> Do not give any other user or group from the well known sids
> a uidNumber or gidNumber, see here for the well known sids:
>
> https://support.microsoft.com/en-us/help/243330/well-known-sec
> urity-identifiers-in-windows-operating-systems
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list