Author Topic: sysvol Policies folder disappears  (Read 2002 times)

desperados

  • Zen Monk
  • **
  • Posts: 64
  • Karma: +4/-0
    • View Profile
sysvol Policies folder disappears
« on: November 30, 2016, 02:15:24 pm »
Hi
I've 2 Zentyal 4.2 servers, 1 PDC and 1 BDC
I've noticed that some clients, when I try to "gpupdate /force", give me error "The processing of Group Policy failed. Windows attempted to read the file " etc., and if I try to access \\mydomain\sysvol\mydomain\ I can't see Policies folder, if I access \\pdc\sysvol\pdc I can and if I access \\bdc\sysvol\bdc I can't

so I've searched what can cause this problem and I found these posts:
https://forum.zentyal.org/index.php/topic,21930.msg84424.html#msg84424
https://forum.zentyal.org/index.php/topic,23116.msg89031.html#msg89031
I've tried "samba-tool ntacl sysvolreset" but I can't fix, and this command gives me this error:

PDC
Quote
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/mydomain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1733, in checksysvolacl
    direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1684, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1631, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))

BDC
Quote
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 218, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1619, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1512, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 154, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
« Last Edit: November 30, 2016, 02:21:29 pm by desperados »

desperados

  • Zen Monk
  • **
  • Posts: 64
  • Karma: +4/-0
    • View Profile
Re: sysvol Policies folder disappears
« Reply #1 on: December 01, 2016, 09:56:10 am »