[Samba] Sysvol reset
rpenny at samba.org
Fri Sep 6 20:29:39 UTC 2019
On 06/09/2019 20:54, me at tdiehl.org wrote:
> On Fri, 6 Sep 2019, Rowland penny via samba wrote:
>> On 06/09/2019 17:05, Tom Diehl via samba wrote:
>>> Hi Louis,
>>> On Fri, 6 Sep 2019, L.P.H. van Belle via samba wrote:
>>>> Try the script, make backups of you sysvol first.
>>>> The script shows the correct settings, these are duplicated from a
>>>> windows 2008R2 server.
>>>> But here you go, the ms link to verify your settings.
>>> Thanks for the link. I like pictures. :-)
>>>> But i must also say, start with upgrading you samba-ad-dc's.
>>> I plan to upgrade but I was thinking I should fix the sysvol problems
>>> making more changes. Are you saying I should upgrade first? Is there a
>>> compelling reason to upgrade past 4.9.latest at this time?
>> Samba has three levels of support for each minor version, spread over
>> 18 months:
>> Fully supported for first six months
>> Maintenance fixes for the next six months
>> Security fixes only for the last six months
>> 4.9.x is in maintenance mode at the moment, but 4.11.0 is fairly
>> imminent and, when it is released, 4.9.x will drop into security
>> fixes only (4.8.x will go EOL at this time)
>> That is the reason to upgrade to the highest version possible, plus
>> you will get numerous fixes that have been added to 4.10.x
> Right I get that. The problem for me is that at this time, anything past
> 4.9.latest is going to require either switching to a distro I know
> nothing about
> (One of the Debian variants but which one?) or figuring out the
> python3 crap on
> Centos 7 or wait for Centos 8. Hopefully once Centos 8 is a real thing
> there will be a list of required packages to build samba like there is
> with Centos 7. Hence my hesitation with moving past 4.9.x at this time.
> I expect that will change in the next few weeks.
> Now if you said there was some bug fix in 4.10 that would get group
> policy working
> again, I would most likely bite the bullet and go for it since you are
> after all
> one of the samba gods. :-)
First time anybodies called me that ;-)
> One question I do have is, is it expected that if I try to run
> gpresult as administrator
> that I get an error that says "The user SAMDOM\Administrator does not
> have RSOP data?
Louis is the Windows expert here, but I think that is just because
Administrator hasn't logged into the system.
> Also, In the gpmc if I try to run the "group policy modeling wizard" I
> get an error that says
> "The rpc server is unavailable" Is that also expected or do I have
> other issues?
Sort of, it doesn't happen all the time and not for everyone, but
normally just pressing 'OK' is enough.
> The server services in smb.conf is as follows:
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> If I read this correctly, rpc should be available. Is this correct?
Yes, but I don't think Samba is the problem, well, not in that way. I
think Windows checks for the RPC server in a way that Samba doesn't
understand, or Samba replies in a way that Windows doesn't understand,
but either way, once you have got pas that message box, it usually works.
> TBH, when it comes to windows tools I am never sure what is supposed
> to work with Samba
> and what is not.
Not by yourself there, I prefer the Command line.
> FWIW both DC's are now on 4.8.12. Tomorrow I will upgrade them to
More information about the samba