[Samba] Continued Group Policy issues

Anantha Raghava raghav at exzatechconsulting.com
Mon Jul 16 12:07:21 UTC 2018


Thanks for the clarification.

However, we held back from implementing your suggestion and observed 
that after about 40-odd hours from the initial publishing of the 
policies, all clients connecting to any of the Domain Controllers 
started to get the policies. No client was throwing any error while 
applying the policies from any of the 4 Domain Controllers.

Does it mean that "idmap.ldb" is taking time to replicate automatically? 
Or is it some other issue? Nothing interesting about this is logged in 
Samba. Sysvol is getting replicated as soon as any policy is added or 
modified or deleted on the first domain controller.

Basically we are implementing "Software White Listing" policies and 
these are defined as computer policies. The error started to show up 
once the policy was linked.

Any hints on this behavior?


Thanks & Regards,

Anantha Raghava


On 12/07/18 7:01 PM, Rowland Penny via samba wrote:
> On Thu, 12 Jul 2018 18:49:06 +0530
> Anantha Raghava via samba <samba at lists.samba.org> wrote:
>> Hi,
>> But, all user/groups should have the same ids on all DCs right?
>> That's what we had thought all these days? Suppose we sync the
>> idmap.ldb along with sysvol, will it not call for restart of
>> Samba-ad-dc service every time the changes to GPs are made?
> Er, no, not by default, yes they will all have unique RIDs, but they
> are not guaranteed to have the same xidNumbers, in fact, I can almost
> guarantee they won't.
> You do not have to restart Samba, just run 'net cache flush'
> Rowland
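
An added example, not part of the original thread: a small checker that compares the SID-to-xidNumber mappings in `ldbsearch` dumps of idmap.ldb taken from two DCs and lists the SIDs that map to different IDs. The record layout, the `CN=CONFIG` attributes, the SIDs and the numbers below are constructed sample data and assumptions, not values from this thread.

```python
import re

DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID

def _rec(sid, xid):
    # One sidMap record in the layout assumed for an ldbsearch dump of idmap.ldb.
    return (f"dn: CN={sid}\ncn: {sid}\nobjectClass: sidMap\n"
            f"objectSid: {sid}\ntype: ID_TYPE_BOTH\nxidNumber: {xid}\n")

# Allocator state record (assumed attributes): carries an xidNumber but maps no SID.
CONFIG = ("dn: CN=CONFIG\ncn: CONFIG\nlowerBound: 3000000\n"
          "upperBound: 4000000\nxidNumber: 3000011\n")

# Constructed dumps for two DCs; records are separated by a blank line.
DC1_DUMP = "\n".join([CONFIG, _rec("S-1-5-32-544", 3000000),
                      _rec(f"{DOM}-512", 3000008)])
DC2_DUMP = "\n".join([CONFIG, _rec("S-1-5-32-544", 3000000),
                      _rec(f"{DOM}-512", 3000004), _rec(f"{DOM}-513", 3000010)])

def parse_idmap(ldif):
    """Return {sid: xidNumber} for every sidMap record in an LDIF dump."""
    mapping = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip "# record N" comments and malformed lines
            key, value = line.split(": ", 1)
            rec[key] = value.strip()
        # Only real mappings count; CN=CONFIG has no objectClass sidMap.
        if rec.get("objectClass") == "sidMap" and "xidNumber" in rec:
            mapping[rec["cn"]] = int(rec["xidNumber"])
    return mapping

def diff_idmaps(a, b):
    """Compare two {sid: xid} maps: differing IDs and one-sided SIDs."""
    report = {"mismatch": {}, "only_a": [], "only_b": []}
    for sid in sorted(a.keys() | b.keys()):
        if sid not in b:
            report["only_a"].append(sid)
        elif sid not in a:
            report["only_b"].append(sid)
        elif a[sid] != b[sid]:
            report["mismatch"][sid] = (a[sid], b[sid])
    return report

if __name__ == "__main__":
    print(diff_idmaps(parse_idmap(DC1_DUMP), parse_idmap(DC2_DUMP)))
```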
