[Samba] GPO Problem

Epsilon Minus theepsilonminus at gmail.com
Tue Jun 6 18:35:42 UTC 2017 

Hi. I have a problem applying GPO. I do not know where to look
Reviewing I found this:

# samba-tool ntacl sysvolcheck
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[sistemas]"
ldb_wrap open of idmap.ldb
Module 'acl_xattr' loaded
Module 'dfs_samba4' loaded
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service sysvol
#


My smb.conf:
oot at DC02:~# cat /etc/samba/smb.conf

# Global parameters
[global]
    workgroup = CLINICAGUEMES
    realm = CLINICAGUEMES.COM.AR
    netbios name = DC02
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
    idmap_ldb:use rfc2307 = yes
    ldap server require strong auth = No
    log level = 3

    #### Deshabilito error en los logs por las impresoras
    load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes


[netlogon]
    path = /var/lib/samba/sysvol/clinicaguemes.com.ar/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

[sistemas]
    path = /datos/grupos/sistemas
    read only = No
    valid users = +sistemas


Is ok this? :

root at DC02:/var/lib/samba# ls -l
total 1404
-rw-------   1 root root       421888 nov 21  2016 account_policy.tdb
-rw-------   1 root root          696 nov 21  2016 group_mapping.tdb
drwxr-x---   2 root root         4096 ene 24 21:04 ntp_signd
drwxr-xr-x  10 root root         4096 nov 21  2016 printers
drwxr-xr-x   7 root root         4096 jun  6 15:33 private
-rw-------   1 root root       528384 nov 21  2016 registry.tdb
-rw-------   1 root root       421888 nov 21  2016 share_info.tdb
drwxrwx---+  3 root    3000000   4096 jun  6 15:19 sysvol
<<<<----------  is okey ?
drwxrwx--T   2 root sambashare   4096 nov 21  2016 usershares
-rw-------   1 root root        32768 jun  5 22:54 winbindd_cache.tdb
drwxr-x---   2 root root         4096 ene 24 21:04 winbindd_privileged





I do not know where to look for the logs to apply the GPOs

More information about the samba mailing list