Web lists-archives.com

Re: [Samba] GPOs not Working!




On 02/06/2018 03:24 PM, L.P.H. van Belle via samba wrote:
ok,

do the following.
set ignore systemacl to yes on sysvol and netlogon.

Added "acl_xattr:ignore system acls = yes" to both shares, restarted the server


login as dom\administrator
computer manager, connect to dc.
share sysvol, goto share security, reset to defalts.
same for folder.

I don't get the "Reset to defaults" option. There are two security related tabs, "Permission of shared resources" (or something like that, Windows is not in English) with only permissions for Everyone with Full control, Change and Read.

The other tab is the standard "Security" tab, those tabs don't show any reset to default option


goto gpo manager,
klik on every gpo object, if one has wrong acl, you get a message to reset it, thats ok.

now never samba-tool sysvol reset
if you do, you might need to set share/file security again.

Greetz
Louis

p.s rowland, now you can change the default gpo’s also.



Op 6 feb. 2018 om 20:14 heeft Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> het volgende geschreven:

On Tue, 6 Feb 2018 15:03:16 -0400
Robert Marcano via samba <samba@xxxxxxxxxxxxxxx> wrote:

Thanks for the information, to use a default GPO was a simple way to
try to encourage someone to reproduce the problem.

I already created new GPOs (this is a test domain) Using the default
filter for a new GPO, "Authenticated users", creating a new group for
the test clients and using that as the filter, checking it have the
right permissions (apply), checking every guide about applying GPO to
computers. Using OUs and using domain level GPOs.

What I find weird is that gpresult doesn't list the computer as a
member of groups I create, only a few predefined ones:

   NULL SID
   NT AUTHORITY\NETWORK,
   This company,
   and something like "mandatory level of no trust" (Windows is not in
english)


Do not alter the two default GPOs, it doesn't work ;-)

Creating new GPOs should work, just do not run sysvolreset after
creating them.

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba