[Samba] GPOs, sysvol and such related plumbing
sergio at serjux.com
Sat Apr 13 22:52:02 UTC 2019
On Sat, 2019-04-13 at 20:40 +0100, miguel medalha via samba wrote:
> Who am I to say this? I am only a lowly user and would-be admin, but
> seems to me that one of the most useful features of an AD
> GPOs, is not fully trust-able under Samba because of instability and
> ensuing fear, before and after each update, related to sysvol and
> knows what.
My experience was:
1. MIT krb doesn't support it; we need to use the old krb system.
2. We need to disable SELinux; SELinux permissive is not enough to allow
writing to the shared folder sysvol. It causes crashes on Windows.
3. When we have 2 or more DC(s) we need to force client tools like RSAT
to only write to the first DC because "Samba in its current state doesn't
support SysVol replication"; if RSAT writes randomly to DC(s) we may
have errors like: samba-tool ntacl sysvolreset, - open: error=2 (No
such file or directory)
4. With an efficient replication and writing POL(s) just on the first DC,
it seems that it works well.
Sérgio M. B.