[Samba] Continued Group Policy issues
Anantha Raghava
raghav at exzatechconsulting.com
Thu Jul 12 13:01:42 UTC 2018
Hello Rowland,
Thanks for your quick response.
We are syncing only sysvol from first Domain Controller, but not
idmap.ldb. Do we need to sync idmap.ldb as well?
--
Thanks & Regards,
Anantha Raghava
Do not print this e-mail unless required. Save Paper & trees.
On 12/07/18 6:20 PM, Rowland Penny via samba wrote:
> On Thu, 12 Jul 2018 18:13:47 +0530
> Anantha Raghava via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> We have 4 Domain Controllers all on CentOS 7.5 and Samba Version
>> 4.7.5.
>>
>> We are using iNotify to watch the folder and pushing any changes made
>> to GPO from our first Domain Controller.
>>
>> Off late, we started observing that, unless the client is reading the
>> Group Policies from the first Domain Controller, none of the Group
>> Policies gets applied. On the Windows Clients, we have observed that
>> clients are reporting "Access Denied" error to Group Policy Objects
>> on other Domain Controllers.
>>
>> "samba-tool ntacl sysvolcheck" reports no errors on the GPO on any
>> Domain Controllers. Yet, the clients report "Access Denied" on all
>> other DCs except first one.
>>
>> What could have gone wrong? Any clues?
>>
> I take it you are syncing 'sysvol' to the DC's from the first DC, but
> are you also syncing idmap.ldb as well ?
>
> Rowland
>
>
More information about the samba
mailing list