Error when applying group policies on a Samba 4 AD member

Today I ran into the following issue:

C:\WINDOWS\system32>gpupdate /force
Updating policy...

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file 
\\YOUR.DOMAIN\sysvol\YOUR.DOMAIN\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini
from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be transient and
could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
User Policy update has completed successfully.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html 
from the command line to access information about Group Policy results.

The solution is simple:

samba-tool ntacl sysvolreset

Found in a mailing list post.


via blog.vucica.net

3 thoughts on “Error when applying group policies on a Samba 4 AD member

    1. Ivan Vučica Post author


      [netlogon]
      path = /var/lib/samba/sysvol/ds.badc0de.net/scripts
      read only = No

      [sysvol]
      path = /var/lib/samba/sysvol
      read only = No

      I doubt this will help with anything in particular though.

      Reply
  1. Rodrigo Cavalcante

    Hi dear, Help me please.

    /usr/local/samba/bin/samba-tool ntacl sysvolreset
    open: error=2 (No such file or directory)
    ERROR(runtime): uncaught exception – (-1073741823, 'Undetermined error')
    File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
    File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 218, in run
    lp, use_ntvfs=use_ntvfs)
    File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1612, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
    File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1517, in set_gpos_acl
    passdb=passdb)
    File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1480, in set_dir_acl
    setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
    File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 154, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)

    —- SMB CONF —-
    [global]
    workgroup = CIS
    realm = CIS.MAO
    netbios name = DEBIAN
    server role = active directory domain controller
    dns forwarder = 8.8.8.8

    [netlogon]
    path = /usr/local/samba/var/locks/sysvol/cis.mao/scripts
    read only = No

    [sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No

    Publica]
    path = /home/dados/ti
    read only = No

    [TI]
    path =/home/dados/ti
    read only = No
    comment = Diretorio T.I
    browseable = yes
    guest ok = no
    writeable = yes
    [Producao]
    path =/home/dados/producao
    read only = No
    comment = Diretorio Producao
    browseable = yes
    guest ok = no
    writeable = yes
    [Diretoria]
    path = /home/dados/diretoria
    read only = No

    [ADM]
    path = /home/dados/adm
    read only = no

    Reply

Leave a Reply

Your email address will not be published.

 

What is 9 + 2 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)

This site uses Akismet to reduce spam. Learn how your comment data is processed.