[Samba] Fwd: AD Policies are not applying properly
lingpanda101
lingpanda101 at gmail.com
Fri Jun 23 13:22:48 UTC 2017
On 6/23/2017 7:24 AM, Rowland Penny via samba wrote:
> On Fri, 23 Jun 2017 16:27:44 +0530
> Anantha Raghava via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> We did not modify anything but yes, we did delink the default domain
>> controller policy.
>>
> Then relink it, you need it, but don't modify it, or the other default
> policy.
>
> Rowland
>
As Rowland said, re-link it. It's empty and will not affect any future
GPO's you create. It will affect the sysvol folder if you modify the
default domain policies in anyway.
Make sure you have both 'Default Domain Policy' and 'Default Domain
Controllers Policy' enabled and linked. Do not modify either of these
two. You can't simply create these if you delete them either as far as I
know with Samba.
Running 'sysvolreset' should not have corrupted your policies. I know
there has been debate on running sysvolreset or not, but in my testing I
have not observed any negative side effect. Based upon the permissions
you currently have applied, it's probably the easiest way to recover
from your issue. I'm also using a central store for my policies. I'm
curious if those with issues are not.
Enabling RFC2307 doesn't automatically enable inheritance. It's function
is to create user and group ID's in a consistent manner across your
Linux domain members. Are you currently assigning UID's or GID's to any
object? If not then it sounds like RFC2307 is enabled but not being used.
I'm not sure if you can edit all appropriate permissions using gpedit to
correct your issue. The easiest way is to run 'sysvolreset'. If
sysvolreset fails, post the results.
--
--
James
More information about the samba
mailing list