[Samba] strange gpo behaviour
Sérgio Basto
sergio at serjux.com
Wed Apr 17 17:29:19 UTC 2019
On Tue, 2019-04-16 at 15:00 -0700, Ray Klassen via samba wrote:
> -- 3 samba 4.10.2 DC's, binaries compiled from tarballs on Debian
> stretch
> -- 2 DC's are on the same (main office) LAN, one is at another
> location
> vpn'ed to the main office
>
> -- randomly windows 10 pc's will not be able to complete a gpupdate
> (repeated tries) with no consistency as to solutions. Sometimes the
> pc's
> can't connect to the \\dc\sysvol\local.somedomain.com
> -- we've tried (and thought we had it)
> -- samba-tool ntacl sysvolreset
> -- synchronizing time (again) between servers, and between
> servers and pc's
> -- rebooting pc's
>
> sometimes any of these measures seem to suddenly work and then not.
>
> any pointers?
(copy and paste from another email )
My experience was :
1. Mit kbr doesn't support it, we need to use the old kbr system.
2. We need disable selinux , selinux permissive is not enough to allow
to write on shared folder sysvol. it cause crashes on windows.
3. When we have 2 or more DC(s) we need to force client tools like RAST
only write in the first DC because "Samba in its current state doesn't
support SysVol replication" [1], if RAST write randomly on DC(s) we may
have errors like: samba-tool ntacl sysvolreset, - open: error=2 (No
such file or directory) [2]
4. With an efficient replication and writing POL(s) just in first DC ,
seems that works well.
Best Regards,
[1]
https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)
https://www.tecmint.com/samba4-ad-dc-sysvol-replication/
[2] https://lists.samba.org/archive/samba/2018-September/218137.html
> Ray
>
>
--
Sérgio M. B.
More information about the samba
mailing list