[Samba] Continued Group Policy issues

Rowland Penny rpenny at samba.org
Thu Jul 12 12:50:28 UTC 2018

On Thu, 12 Jul 2018 18:13:47 +0530
Anantha Raghava via samba <samba at lists.samba.org> wrote:

> Hi,
> We have 4 Domain Controllers all on CentOS 7.5 and Samba Version
> 4.7.5.
> We are using iNotify to watch the folder and pushing any changes made
> to GPO from our first Domain Controller.
> Off late, we started observing that, unless the client is reading the 
> Group Policies from the first Domain Controller, none of the Group 
> Policies gets applied. On the Windows Clients, we have observed that 
> clients are reporting "Access Denied" error to Group Policy Objects
> on other Domain Controllers.
> "samba-tool ntacl sysvolcheck" reports no errors on the GPO on any 
> Domain Controllers. Yet, the clients report "Access Denied" on all
> other DCs except first one.
> What could have gone wrong? Any clues?

I take it you are syncing 'sysvol' to the DC's from the first DC, but
are you also syncing idmap.ldb as well ?


More information about the samba mailing list