Re: [Samba] Fwd: AD Policies are not applying properly
- Date: Fri, 23 Jun 2017 09:22:48 -0400
- From: lingpanda101 via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Fwd: AD Policies are not applying properly
On 6/23/2017 7:24 AM, Rowland Penny via samba wrote:
As Rowland said, re-link it. It's empty and will not affect any future
GPO's you create. It will affect the sysvol folder if you modify the
default domain policies in anyway.
On Fri, 23 Jun 2017 16:27:44 +0530
Anantha Raghava via samba <samba@xxxxxxxxxxxxxxx> wrote:
We did not modify anything but yes, we did delink the default domain
Then relink it, you need it, but don't modify it, or the other default
Make sure you have both 'Default Domain Policy' and 'Default Domain
Controllers Policy' enabled and linked. Do not modify either of these
two. You can't simply create these if you delete them either as far as I
know with Samba.
Running 'sysvolreset' should not have corrupted your policies. I know
there has been debate on running sysvolreset or not, but in my testing I
have not observed any negative side effect. Based upon the permissions
you currently have applied, it's probably the easiest way to recover
from your issue. I'm also using a central store for my policies. I'm
curious if those with issues are not.
Enabling RFC2307 doesn't automatically enable inheritance. It's function
is to create user and group ID's in a consistent manner across your
Linux domain members. Are you currently assigning UID's or GID's to any
object? If not then it sounds like RFC2307 is enabled but not being used.
I'm not sure if you can edit all appropriate permissions using gpedit to
correct your issue. The easiest way is to run 'sysvolreset'. If
sysvolreset fails, post the results.
To unsubscribe from this list go to the following URL and read the