Corrupted GPO

George Lazar lazar.george at gmail.com
Tue Jun 29 09:09:45 MDT 2010 



Matthieu Patou-7 wrote:
> 
>   On 29/06/2010 18:39, George Lazar wrote:
>>
>>
>> Matthieu Patou-7 wrote:
>>>    Hi Georges,
>>>
>>>>>> Regarding the output, the GPO I was creating when I started to
>>>>>> receive
>>>>>> "there is not enough space" is record no. 13... (Themes Enabled GPO)
>>>>>>
>>>>>> The content of /usr/local/samba/var/locks/.. doesn't seems not
>>>>>> unusual.
>>>>>> I
>>>>>> have there all the policies owned by 3000008 as before.
>>>>> Yes but I need it to see if all the policy object declared in the
>>>>> Policies container are also here on the filesystem.
>>>>>
>>>>> See attached policies.png
>>>>>
>>>>> More specifically can you show the content of
>>>>> {391F2562-1AB9-4CA5-BC87-4BD72929CC5E} folder ?
>>>>> Can you access
>>>>> \\domain.eu\SysVol\domain.eu\Policies\{391F2562-1AB9-4CA5-BC87-4BD72929CC5E}
>>>>> ?
>>>>> Do you see a file called gpt.ini and two folders MACHINE and USER ?
>>>>> If no can create the folder and the file with the following content:
>>>>> [General]
>>>>> Version=65543
>>>>>
>>>>> See attached policy.png http://old.nabble.com/file/p29022853/GPO.JPG
>>>>> GPO.JPG  http://old.nabble.com/file/p29022853/polcies.PNG polcies.PNG
>>>>> http://old.nabble.com/file/p29022853/policy.PNG policy.PNG
>>> It's the fist time I see such things but I'm not the most experienced
>>> with gpo.
>>>
>>> Ok let's try to nuke the GPO:
>>> do a tdbbackup on all the ldb files in /usr/local/samba/private then
>>>
>>> Done.
>>>
>>> ldbedit -H ldap:/localhost -b
>>> CN={391F2562-1AB9-4CA5-BC87-4BD72929CC5E},CN=Policies,CN=System,DC=domain,DC=eu
>>>
>>> You should have three objects, remove them.
>>>
>>> It doesn't let me delete them, I got:
>>> failed to delete
>>> CN={391F2562-1AB9-4CA5-BC87-4BD72929CC5E},CN=Policies,CN=System,DC=domain,DC=eu
>>> - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -<00002098: insufficient
>>> access rights>  <>
>>>
>>> I'm doing this as root but should I stop samba first?
>>>
> no You have to get authenticated: ldbedit -H .... -U DOMAIN\\User
> 
> with authentication I got another error:
>  LDAP error 66 LDAP_NOT_ALLOWED_ON_NON_LEAF -  <00002015: Not allowed on
> non-leaf> <>
> 
> 
> -- 
> Matthieu Patou
> Samba Team        http://samba.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Corrupted-GPO-tp29020398p29024754.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.

More information about the samba-technical mailing list