[Samba] Sysvolreset

Thu Jan 11 18:50:20 UTC 2018

On 1/11/2018 12:48 PM, Carlos wrote:
>
> Sorry, my english is not very good !!!
>
> 'gpupdate /force'
> Before sysvolreset permission error occurs in loading some gpo, after 
> running sysvolreset the problem has not occurred anymore, but every 
> rsync I run sysvolreset.
>
>
> Regards;
>
>
> On 11-01-2018 13:51, lingpanda101 via samba wrote:
>> On 1/11/2018 10:45 AM, Carlos via samba wrote:
>>> Hi
>>>
>>> Any ?
>>>
>>> Regards;
>>>
>>>
>>> On 10-01-2018 15:11, Carlos wrote:
>>>>
>>>> Every 5 minutes.
>>>>
>>>> This moment(before sysvolreset,) machine is ok . This comend is 
>>>> valid now ?
>>>>
>>>> *In DC01 Problem does not exist with sysvol.
>>>>
>>>> Regards;
>>>>
>>>>
>>>>
>>>> On 10-01-2018 14:51, lingpanda101 via samba wrote:
>>>>> On 1/10/2018 11:42 AM, Carlos via samba wrote:
>>>>>> HI
>>>>>>
>>>>>> Rsync
>>>>>>
>>>>>> DC1 to DC2 / DC3
>>>>>>
>>>>>> root / usr / bin / rsync -XAaz --delete-after / opt / samba / var 
>>>>>> / locks / sysvol root @ DCXX: / opt / samba / var /
>>>>>>
>>>>>>
>>>>>> Run Windows "gpupdate / force", information error permission 
>>>>>> (show ID GPO, any gpos ...).
>>>>>>
>>>>>> Yes, the only gpo, with errors.
>>>>>>
>>>>>> Regards;
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 10-01-2018 14:29, lingpanda101 via samba wrote:
>>>>>>> On 1/10/2018 8:59 AM, Carlos via samba wrote:
>>>>>>>> Hi!
>>>>>>>>
>>>>>>>> I have 3 Samba 4 , version 4.7.3 running in Ubuntu Server 16.04.
>>>>>>>>
>>>>>>>> All is ok, but GPO in DC3, with erro the permission, with dont 
>>>>>>>> load in windows(gpresult /force).
>>>>>>>>
>>>>>>>>
>>>>>>>> My smb.conf all samba server DC.
>>>>>>>>
>>>>>>>>
>>>>>>>> [global]
>>>>>>>>         netbios name = SAMBA-DC103
>>>>>>>>         realm = <DOMAIN>
>>>>>>>>         server role = active directory domain controller
>>>>>>>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, 
>>>>>>>> kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>>>>>>>>         workgroup = XXXXXXX
>>>>>>>>
>>>>>>>>         ldap server require strong auth = no
>>>>>>>>
>>>>>>>> [netlogon]
>>>>>>>>         path = /opt/samba/var/locks/sysvol/<DOMAIN>/scripts
>>>>>>>>         read only = No
>>>>>>>>
>>>>>>>> [sysvol]
>>>>>>>>         path = /opt/samba/var/locks/sysvol
>>>>>>>>         read only = No
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> For resolved, i with run "samba-tool ntacl sysvolreset" , but i 
>>>>>>>> see a not good ideia..( 
>>>>>>>> https://lists.samba.org/archive/samba/2017-March/207236.html)
>>>>>>>>
>>>>>>>>
>>>>>>>> Any ?
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards;
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Will need more information. How are you replicating sysvol? What 
>>>>>>> is the exact message from gpupdate /force? Is it just one GPO 
>>>>>>> not working?
>>>>>>>
>>>>>>
>>>>>>
>>>>> How often is sysvol replicating? Can you run on the target machine 
>>>>> from cmd window "GPRESULT /H GPReport.html"?
>>>>>
>>>>
>>>
>> Hello Carlos,
>>
>>     I'm having trouble helping due to the language barrier. Are you 
>> still having problems running 'gpupdate /force' on the client 
>> workstation?
>>
>
No worries Carlos.

I do not perform a sysvolreset with my sysvol replication and do not 
have these issues. If I do chose to reset the sysvol permissions, I do 
it on the DC the others are pulling from.  The changes will be replicated.

-- 
--
James