[Samba] Continued Group Policy issues
raghav at exzatechconsulting.com
Mon Jul 16 12:07:21 UTC 2018
Thanks for clarification.
However, we held back from implementing your suggestion and observed
that after about 40 odd hours from the initial publishing of the
policies, all clients connecting to any of the Domain Controllers
started to get the policies. No client was throwing any error while
applying the policies from any of the 4 Domain Controllers.
Does it mean that "idmap.ldb" is taking time to replicate automatically?
Or is it some other issue? Nothing interesting about this is logged in
samba. Sysvol is getting replicated as soon as any policy is added or
modified or deleted on the first domain controller.
Basically we are implementing "Software While Listing" policies and
these are defined as computer policies. The error started to show up
once the policy was linked.
Any hints on this behavior?
Thanks & Regards,
Do not print this e-mail unless required. Save Paper & trees.
On 12/07/18 7:01 PM, Rowland Penny via samba wrote:
> On Thu, 12 Jul 2018 18:49:06 +0530
> Anantha Raghava via samba <samba at lists.samba.org> wrote:
>> But, all user/groups should have the same ids on all DCs right?
>> That's what we had thought all these days? Suppose we sync the
>> idmap.ldb along with sysvol, will it not call for restart of
>> Samba-ad-dc service every time the changes to GPs are made?
> Er, no, not by default, yes they will all have unique RID's, but they
> are not guaranteed to have the same xidNumber's, in fact, I can almost
> guarantee they wont.
> You do not have to restart Samba, just run 'net cache flush'
More information about the samba