[Samba] Samba 4 and GPOs

Bering, Uwe Uwe.Bering at lwv-hessen.de
Mon Oct 31 06:31:34 UTC 2022


Hi,

thanks for your efforts. Of course "domain.local" is only a placeholder ...

'samba-tool ntacl sysvolcheck' was the solution. Now it works fine. Thank U very much

Uwe

> -----Ursprüngliche Nachricht-----
> Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland
> Penny via samba
> Gesendet: Freitag, 28. Oktober 2022 14:22
> An: samba at lists.samba.org
> Cc: Rowland Penny <rpenny at samba.org>
> Betreff: Re: [Samba] Samba 4 and GPOs
> 
> 
> 
> On 28/10/2022 12:49, Bering, Uwe via samba wrote:
> > Hi togehter,
> >
> > for each of our 20 schools we run a debian Server (bullseye) with Samba
> 4.16.5  as primary ad-dc.
> 
> No such thing as a 'primary' DC, there is the FSMO 'PDC_Emulator' role, but
> this doesn't make it the primary DC.
> 
>   There's no replication to another dc, there isn't another dc at all in this
> network.  It worked fine in all demands
> 
> I do hope that you are backing up the AD domain, because you have a single
> point of failure there.
> 
> >
> > Now I tried fort he first time to use the GPOs.
> > The Installation of a central admx-store worked fine and also the first GPO I
> applied to a client.
> >
> > After some experiments I just encountered an error when invoking
> gpupdate on the client:
> >
> > = = = = = = = = = = = = =
> > The processing of Group Policy failed. Windows attempted to read the file
> \\domain.local\sysvol\domain.local\Policies\{9CF5E225-C40D-452D-A5CE-
> 0288D40407BA}\gpt.ini from a domain controller and was not successful.
> Group Policy settings may not be applied until this event is resolved.
> > = = = = = = = = = = = = =
> 
> I do hope that 'domain.local' is a placeholder for your actual dns domain and
> that it doesn't end in '.local', if it does, turn of Avahi everywhere and do not
> connect from a Mac.
> 
> >
> >  From the client I can open
> \\[server]\\sysvol\[domain]\Policies\[guid]\GPT.INI, I have even write
> access to this location.
> >
> > Does anybody have an idea to solve this Problem?
> >
> > Viele Grüße
> > Uwe
> >
> 
> Have you tried running 'samba-tool ntacl sysvolcheck' and if required 'samba-
> tool ntacl sysvolreset'
> 
> Rowland
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list