Hi
I've 2 Zentyal 4.2 servers, 1 PDC and 1 BDC
I've noticed that some clients, when I try to "gpupdate /force", give me error "The processing of Group Policy failed. Windows attempted to read the file " etc., and if I try to access \\mydomain\sysvol\mydomain\ I can't see Policies folder, if I access \\pdc\sysvol\pdc I can and if I access \\bdc\sysvol\bdc I can't
so I've searched what can cause this problem and I found these posts:
https://forum.zentyal.org/index.php/topic,21930.msg84424.html#msg84424https://forum.zentyal.org/index.php/topic,23116.msg89031.html#msg89031I've tried "samba-tool ntacl sysvolreset" but I can't fix, and this command gives me this error:
PDCERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/mydomain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
lp)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1733, in checksysvolacl
direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1684, in check_gpos_acl
domainsid, direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1631, in check_dir_acl
raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
BDCconnect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 218, in run
lp, use_ntvfs=use_ntvfs)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1619, in setsysvolacl
set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1512, in set_gpos_acl
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 154, in setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)