Re: [Samba] Fwd: AD Policies are not applying properly

On 6/23/2017 7:24 AM, Rowland Penny via samba wrote:
> On Fri, 23 Jun 2017 16:27:44 +0530
> Anantha Raghava via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
>> We did not modify anything but yes, we did delink the default domain
>> controller policy.
>
> Then relink it, you need it, but don't modify it, or the other default

As Rowland said, re-link it. It's empty and will not affect any future GPOs you create. It will affect the sysvol folder if you modify the default domain policies in any way.

Make sure you have both 'Default Domain Policy' and 'Default Domain Controllers Policy' enabled and linked. Do not modify either of these two. You can't simply create these if you delete them either as far as I know with Samba.

Running 'sysvolreset' should not have corrupted your policies. I know there has been debate on running sysvolreset or not, but in my testing I have not observed any negative side effect. Based upon the permissions you currently have applied, it's probably the easiest way to recover from your issue. I'm also using a central store for my policies. I'm curious if those with issues are not.

Enabling RFC2307 doesn't automatically enable inheritance. Its function is to create user and group IDs in a consistent manner across your Linux domain members. Are you currently assigning UIDs or GIDs to any object? If not then it sounds like RFC2307 is enabled but not being used.

I'm not sure if you can edit all appropriate permissions using gpedit to correct your issue. The easiest way is to run 'sysvolreset'. If sysvolreset fails, post the results.


