[Samba] Sysvol reset

Fri Sep 6 19:54:40 UTC 2019

On Fri, 6 Sep 2019, Rowland penny via samba wrote:

> On 06/09/2019 17:05, Tom Diehl via samba wrote:
>>  Hi Louis,
>>
>>  On Fri, 6 Sep 2019, L.P.H. van Belle via samba wrote:
>>
>>>  Hai,
>>>
>>>  Try the script, make backups of you sysvol first.
>>>
>>>  The script shows the correct settings, these are duplicated from a
>>>  windows 2008R2 server.
>>>
>>>  But here you go, the ms link to verify your settings.
>>>  https://support.microsoft.com/nl-nl/help/2838154/permissions-for-this-gpo-in-the-sysvol-folder-are-inconsistent-with-th 
>>> 
>>
>>  Thanks for the link. I like pictures. :-)
>> 
>>>
>>>  But i must also say, start with upgrading you samba-ad-dc's.
>>
>>  I plan to upgrade but I was thinking I should fix the sysvol problems
>>  before
>>  making more changes. Are you saying I should upgrade first? Is there a
>>  compelling reason to upgrade past 4.9.latest at this time?
>>
>>  Regards,
>> 
> Samba has three levels of support for each minor version, spread over 18 
> months:
>
> Fully supported for first six months
>
> Maintenance fixes for the next six months
>
> Security fixes only for the last six months
>
> 4.9.x is in maintenance mode at the moment, but 4.11.0 is fairly imminent 
> and, when it is released, 4.9.x will drop into security fixes only (4.8.x 
> will go EOL at this time)
>
> That is the reason to upgrade to the highest version possible, plus you will 
> get numerous fixes that have been added to 4.10.x

Right I get that. The problem for me is that at this time, anything past
4.9.latest is going to require either switching to a distro I know nothing about
(One of the Debian variants but which one?) or figuring out the python3 crap on
Centos 7 or wait for Centos 8. Hopefully once Centos 8 is a real thing
there will be a list of required packages to build samba like there is
with Centos 7. Hence my hesitation with moving past 4.9.x at this time.
I expect that will change in the next few weeks.

Now if you said there was some bug fix in 4.10 that would get group policy working
again, I would most likely bite the bullet and go for it since you are after all
one of the samba gods. :-)

One question I do have is, is it expected that if I try to run gpresult as administrator
that I get an error that says "The user SAMDOM\Administrator does not have RSOP data?

Also, In the gpmc if I try to run the "group policy modeling wizard" I get an error that says
"The rpc server is unavailable" Is that also expected or do I have other issues?

The server services in smb.conf is as follows:
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
If I read this correctly, rpc should be available. Is this correct?

TBH, when it comes to windows tools I am never sure what is supposed to work with Samba
and what is not.

FWIW both DC's are now on 4.8.12. Tomorrow I will upgrade them to 4.9.latest.

Regards,

-- 
Tom			me at tdiehl.org