[Samba] Fwd: AD Policies are not applying properly

[lingpanda101]

On 6/23/2017 7:24 AM, Rowland Penny via samba wrote:
> On Fri, 23 Jun 2017 16:27:44 +0530
> Anantha Raghava via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> We did not modify anything but yes, we did delink the default domain
>> controller policy.
>>
> Then relink it, you need it, but don't modify it, or the other default
> policy.
>
> Rowland
>
As Rowland said, re-link it.  It's empty and will not affect any future 
GPO's you create. It will affect the sysvol folder if you modify the 
default domain policies in anyway.

Make sure you have both 'Default Domain Policy' and 'Default Domain 
Controllers Policy' enabled and linked. Do not modify either of these 
two. You can't simply create these if you delete them either as far as I 
know with Samba.

Running 'sysvolreset' should not have corrupted your policies. I know 
there has been debate on running sysvolreset or not, but in my testing I 
have not observed any negative side effect. Based upon the permissions 
you currently have applied, it's probably the easiest way to recover 
from your issue. I'm also using a central store for my policies. I'm 
curious if those with issues are not.

Enabling RFC2307 doesn't automatically enable inheritance. It's function 
is to create user and group ID's in a consistent manner across your 
Linux domain members. Are you currently assigning UID's or GID's to any 
object? If not then it sounds like RFC2307 is enabled but not being used.

I'm not sure if you can edit all appropriate permissions using gpedit to 
correct your issue. The easiest way is to run 'sysvolreset'. If 
sysvolreset fails, post the results.


-- 
--
James