im creating the GPO's on RSAT, it is showed on SYSVOL, on event viewer of clients there is no errors related with gpo and if u do a gpresult the gpo is there but nothing happens. ( not even a simple gpo to map a drive )
I think "fast" solution is delete this gpo and create new one, if also dont work, could be permissions problem, please post results;
samba-tool gpo listall
samba-tool gpo show (uid gpo)
getfacl /var/lib/samba/sysvol/yourdomain/Policies/selectyougpo
Sadly this is happening with every GPO under USER CONFIGURATION.
This is a new gpo trying to MAP a drive (SYSVOL) where everyone has RO
samba-tool gpo show {350F6B90-53FB-4609-8EC8-1788A79AB62D}
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.CONTACTCENTER.COM<0x0>
resolve_lmhosts: Attempting lmhosts lookup for name ROSDC002.contactcenter.com<0x20>
GPO : {350F6B90-53FB-4609-8EC8-1788A79AB62D}
display name : MAP DRIVE
path : \\contactcenter.com\SysVol\contactcenter.com\Policies\{350F6B90-53FB-4609-8EC8-1788A79AB62D}
dn : CN={350F6B90-53FB-4609-8EC8-1788A79AB62D},CN=Policies,CN=System,DC=contactcenter,DC=com
version : 262144
flags : NONE
ACL : <hidden>
getfacl /var/lib/samba/sysvol/contactcenter.com/Policies/{350F6B90-53FB-4609-8EC8-1788A79AB62D}
getfacl: Removing leading '/' from absolute path names
# file: var/lib/samba/sysvol/contactcenter.com/Policies/{350F6B90-53FB-4609-8EC8-1788A79AB62D}
# owner: CONTACTCENTER\134da-leonmosq
# group: CONTACTCENTER\134domain\040admins
user::rwx
user:CONTACTCENTER\134da-leonmosq:rwx
user:3000002:rwx
user:3000003:r-x
user:3000007:rwx
user:3000010:r-x
user:3000019:r-x
group::rwx
group:CONTACTCENTER\134domain\040admins:rwx
group:NT\040AUTHORITY\134system:rwx
group:NT\040AUTHORITY\134authenticated\040users:r-x
group:CONTACTCENTER\134enterprise\040admins:rwx
group:NT\040AUTHORITY\134serverlogon:r-x
group:CONTACTCENTER\134domain\040computers:r-x
mask::rwx
other::---
default:user::rwx
default:user:CONTACTCENTER\134da-leonmosq:rwx
default:user:3000002:rwx
default:user:3000003:r-x
default:user:3000007:rwx
default:user:3000010:r-x
default:user:3000019:r-x
default:group::---
default:group:CONTACTCENTER\134domain\040admins:rwx
default:group:NT\040AUTHORITY\134system:rwx
default:group:NT\040AUTHORITY\134authenticated\040users:r-x
default:group:CONTACTCENTER\134enterprise\040admins:rwx
default:group:NT\040AUTHORITY\134serverlogon:r-x
default:group:CONTACTCENTER\134domain\040computers:r-x
default:mask::rwx
default:other::---