[Samba] Samba 4 and GPOs
Bering, Uwe
Uwe.Bering at lwv-hessen.de
Mon Oct 31 06:31:34 UTC 2022
Hi,
thanks for your efforts. Of course "domain.local" is only a placeholder ...
'samba-tool ntacl sysvolcheck' was the solution. Now it works fine. Thank U very much
Uwe
> -----Ursprüngliche Nachricht-----
> Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland
> Penny via samba
> Gesendet: Freitag, 28. Oktober 2022 14:22
> An: samba at lists.samba.org
> Cc: Rowland Penny <rpenny at samba.org>
> Betreff: Re: [Samba] Samba 4 and GPOs
>
>
>
> On 28/10/2022 12:49, Bering, Uwe via samba wrote:
> > Hi togehter,
> >
> > for each of our 20 schools we run a debian Server (bullseye) with Samba
> 4.16.5 as primary ad-dc.
>
> No such thing as a 'primary' DC, there is the FSMO 'PDC_Emulator' role, but
> this doesn't make it the primary DC.
>
> There's no replication to another dc, there isn't another dc at all in this
> network. It worked fine in all demands
>
> I do hope that you are backing up the AD domain, because you have a single
> point of failure there.
>
> >
> > Now I tried fort he first time to use the GPOs.
> > The Installation of a central admx-store worked fine and also the first GPO I
> applied to a client.
> >
> > After some experiments I just encountered an error when invoking
> gpupdate on the client:
> >
> > = = = = = = = = = = = = =
> > The processing of Group Policy failed. Windows attempted to read the file
> \\domain.local\sysvol\domain.local\Policies\{9CF5E225-C40D-452D-A5CE-
> 0288D40407BA}\gpt.ini from a domain controller and was not successful.
> Group Policy settings may not be applied until this event is resolved.
> > = = = = = = = = = = = = =
>
> I do hope that 'domain.local' is a placeholder for your actual dns domain and
> that it doesn't end in '.local', if it does, turn of Avahi everywhere and do not
> connect from a Mac.
>
> >
> > From the client I can open
> \\[server]\\sysvol\[domain]\Policies\[guid]\GPT.INI, I have even write
> access to this location.
> >
> > Does anybody have an idea to solve this Problem?
> >
> > Viele Grüße
> > Uwe
> >
>
> Have you tried running 'samba-tool ntacl sysvolcheck' and if required 'samba-
> tool ntacl sysvolreset'
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list