[Samba] User GPOs not applied
Peter Milesson
miles at atmos.eu
Mon Apr 5 07:04:27 UTC 2021
Hi folks,
I have got a problem where GPOs set for a single user or a user group
are not applied. The GPOs should be applied to Windows 10 Pro computers
when the specific user(s) log in. The GPOs are defined for users, not
computers. Domain GPOs for domain computers are applied appropriately,
roaming profiles work, authentication works, the sysvol and netlogon
shares on the DC are accessible and readable by all users, DNS works. I
have tried with existing users and newly created test users. The GPOs
are not applied. The GPOs (minimum Windows server 2003 or XP) are:
- Set time limit for disconnected sessions
- Set time limit for active but idle Remote Services sessions
- End session when time limits are reached
The AD DC is a self compiled 4.9.1, CentOS 7.9, the kernel is the latest
EL-repo ML-kernel (5.11.7-1). SSSD is NOT installed, neither is NIS or
NFS. The .local TLD is used in the network (for almost 20 years), and
all mDNS och zero configurations are prohibited and disabled. All
workstations in the network are Windows 10 Pro with the latest updates,
and ESET Business antivirus. The main file server, containing the user
profiles, runs CentOS 7.8 with Samba 4.10.4, which I assume has got
nothing to do with the problem.
Would installing and setting up a new Debian Buster AD DC solve the problem?
Best regards,
Peter
smb.conf
========
# Global parameters
[global]
netbios name = KONADC
realm = KONSTRUKCE.LOCAL
server role = active directory domain controller
workgroup = KONSTRUKCE
idmap_ldb:use rfc2307 = yes
username map = /etc/samba/user.map
dns forwarder = 192.168.0.221
[netlogon]
path = /var/lib/samba/sysvol/konstrukce.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
krb5.conf
========
[libdefaults]
default_realm = KONSTRUKCE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
resolv.conf
=========
search konstrukce.local
nameserver 127.0.0.1
nsswitch.conf
===========
passwd: files winbind
shadow: files
group: files winbind
hosts: files dns myhostname
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
More information about the samba
mailing list