[Samba] GPO on a DC
samba-ml-en at protonmail.com
Tue Jun 21 15:23:41 UTC 2022
Thank you David,
userAccountControl=532480 is the value (SERVER_TRUST_ACCOUNT|TRUSTED_FOR_DELEGATION)
As of oddjob-gpupdate I prefer to use winbind if possible, it is more complex but has better flexibility than SSSD.
> Have you tried running the job using oddjob-gpupdate
> (https://github.com/openSUSE/oddjob-gpupdate)? You could set this up as
> a work around. This would be a more appropriate method for your ADDC
> anyhow, so that winbind isn't required.
> So, your failure is happening in libgpo/pygpo.c:py_ads_get_gpo_list
> Could you do an ldap search for the 'userAccountControl' attribute on
> that ADDC machine object?
More information about the samba