GPO Replikation auf Standorte

samba-ad
german
group-policy

#1

Hallo,
wir haben eine Umgebung mit einem UCS-Master, einem UCS-Backup und mehreren UCS-Slave (Standort-Server).
An den Standorten soll der Betrieb der Windows-Clients mit GPOs geregelt werden.
Allerdings kommt es scheinbar bei der Replikation der GPOs zu Problemen.
Der Richtlienienclient an den Standorten “sieht” nur den jeweiligen Slave als “Basisdomänencontroller”.
Wenn ich dann dort eine GPO erstelle bzw. bearbeite, dann kommt es manchmal an den Standorten zu massiven Problemen beim Verarbeiten der Richtlinien.
Genauer kann ich das nicht beschreiben, weil ich die Probleme noch nicht transparent replizieren kann.
Gibt es ein prinzipielles Vorgehen beim Arbeiten mit GPOs bei mehreren Standorten?


#2

Ist das eine UCS@school Umgebung oder eine Standard-UCS-Installation?


#3

ja, das ist eine UCS-school Umgebung. Derzeit kopiere ich nach Änderungen der GPO an einem Standort alle Policies auf die sysvol’s der anderen Standorte von Hand. Da wir nicht so viele Standorte haben, ist das noch “OK”, aber sicher nicht so gedacht.


#4

Guten Tag ucs-nutzer,

Ja das ist OK. Eigentlich sollte das automatisch funktioniert.

Grüß

Anna


#5

Hallo,
danke für die Antwort.
Wenn ich die richtig interpretiere, dann haben die UCS-Slave auch Schreibrechte auf dem Sysvol, damit z.B.GPOs zu den anderen Standorten repliziert werden können.
D.h. bei unserem Setup scheint etwas mit den Rechten nicht zu stimmen?
Gibt es einen Weg, die Berechtigungen so zu setzen, wie sie sein sollen?
Mittlerweile ist die “Handarbeit” doch etwas umstädlich…


#6

Gibt es Hinweise in /var/log/univention/sysvol auf den unterschiedlichen Systemen?


#7

in /var/log/univention/sysvol-sync.log stehen nur vereinzelt Einträge wie:
2017-10-10 10:21:23 ERROR […] Could not aquire remote read lock after 30 seconds.
2017-10-10 10:21:23 ERROR […] Skipping sync to local sysvol!

seit den letzten Updates der UCS wird unter “System-Fehlderdiagnose” auch auf “sysvol ACL” Probleme hingewiesen.
das bei der Diagnose beliegende Reparatur-Werkzeug, zeigt erst Wirkung, wenn ich die neu angelegte GPOs wieder von Hand verteilt habe


#8

Am besten mal den folgenden Befehl ausführen und die Ausgabe posten / hochladen:

bash -x /usr/share/univention-samba4/scripts/sysvol-sync.sh

#9

hier der Befehl auf dem Master:

root@eusib-ucs-ma:~# bash -x /usr/share/univention-samba4/scripts/sysvol-sync.sh
+ . /usr/share/univention-lib/ucr.sh
++ /usr/sbin/univention-config-registry shell hostname samba4/sysvol/sync/host
+ eval hostname=eusib-ucs-ma
++ hostname=eusib-ucs-ma
+ DEBUG=false
+ SYSVOL_PATH=/var/lib/samba/sysvol
+ SYSVOL_SYNCDIR=/var/cache/univention-samba4/sysvol-sync
+ SYSVOL_SYNC_TRIGGERDIR=/var/cache/univention-samba4/sysvol-sync/.trigger
+ PROCESS_LOCKFILE=/var/lock/sysvol-sync-process
+ SYSVOL_LOCKFILE=/var/lock/sysvol-sync-dir
+ LC_ALL=C
+ flock -un 9
+ '[' -d /var/cache/univention-samba4/sysvol-sync/.trigger ']'
+ chgrp 'DC Slave Hosts' /var/cache/univention-samba4/sysvol-sync/.trigger
+ chmod g+w /var/cache/univention-samba4/sysvol-sync/.trigger
+ is_ucr_true samba4/sysvol/sync/debug
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/debug
+ value=
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n ''
++ tr '[:upper:]' '[:lower:]'
+ return 2
+ is_ucr_true samba4/sysvol/sync/setfacl/AU
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/setfacl/AU
+ value=false
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n false
++ tr '[:upper:]' '[:lower:]'
+ return 1
+ '[' '!' 1 -eq 1 ']'
+ '[' '' = --overwrite-local ']'
+ default_rsync_options=("-auAX" "--dirs-update")
+ touch /var/lock/sysvol-sync-dir
+ chgrp 'DC Slave Hosts' /var/lock/sysvol-sync-dir
+ chmod g+w /var/lock/sysvol-sync-dir
+ sync_from_active_downstream_DCs
+ is_ucr_false samba4/sysvol/sync/from_downstream
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/from_downstream
+ value=
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n ''
++ tr '[:upper:]' '[:lower:]'
+ return 2
++ find /var/cache/univention-samba4/sysvol-sync/.trigger -mindepth 1 -maxdepth 1 -type f
+ for triggerfile in '$(find "${SYSVOL_SYNC_TRIGGERDIR}" -mindepth 1 -maxdepth 1 -type f)'
+ rm /var/cache/univention-samba4/sysvol-sync/.trigger/wir-ucs-sl
++ basename /var/cache/univention-samba4/sysvol-sync/.trigger/wir-ucs-sl
+ s4dc=wir-ucs-sl
+ '[' wir-ucs-sl = eusib-ucs-ma ']'
+ log_prefix=wir-ucs-sl
+ importdir=/var/cache/univention-samba4/sysvol-sync/wir-ucs-sl
+ stderr_log_debug '[wir-ucs-sl] rsync check for changes on downstream DC'
+ false
+ rsync_options=(-aAX --delete --delete-excluded --exclude='scripts/user/.*.vbs.[[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]]')
+ remote_login='eusib-ucs-ma$@wir-ucs-sl'
+ check_if_need_sync 'eusib-ucs-ma$@wir-ucs-sl' /var/cache/univention-samba4/sysvol-sync/wir-ucs-sl -aAX --delete --delete-excluded '--exclude=scripts/user/.*.vbs.[[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]]'
+ local 'remote_login=eusib-ucs-ma$@wir-ucs-sl'
+ shift
+ local dst=/var/cache/univention-samba4/sysvol-sync/wir-ucs-sl
+ shift
+ rsync_options=("$@")
+ local rsync_options
+ local need_sync
+ local 'src=eusib-ucs-ma$@wir-ucs-sl:/var/lib/samba/sysvol'
++ univention-ssh-rsync /etc/machine.secret --dry-run -v -aAX --delete --delete-excluded '--exclude=scripts/user/.*.vbs.[[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]]' 'eusib-ucs-ma$@wir-ucs-sl:/var/lib/samba/sysvol/' /var/cache/univention-samba4/sysvol-sync/wir-ucs-sl
++ tail --lines=+2
++ head --lines=-3
+ need_sync=
+ '[' -z '' ']'
+ return 1
+ '[' 1 -eq 0 ']'
+ stderr_log_debug '[wir-ucs-sl] No downstream changes.'
+ false
+ all_files_and_dirs_have_acls /var/cache/univention-samba4/sysvol-sync/wir-ucs-sl wir-ucs-sl
++ ucr get domainname
+ local dir=/var/cache/univention-samba4/sysvol-sync/wir-ucs-sl/eusib.intranet/Policies
+ shift
+ local host=wir-ucs-sl
+ '[' -d /var/cache/univention-samba4/sysvol-sync/wir-ucs-sl/eusib.intranet/Policies ']'
+ stderr_log_debug '[wir-ucs-sl] checking ACL'\''s'
+ false
++ getfacl -span -R /var/cache/univention-samba4/sysvol-sync/wir-ucs-sl/eusib.intranet/Policies
++ sed -ne 's/^# file: //p'
++ sort
++ md5sum
+ a_md5='318275e93d98011842314832fa08ecbf  -'
++ find /var/cache/univention-samba4/sysvol-sync/wir-ucs-sl/eusib.intranet/Policies -type f -o -type d
++ sort
++ md5sum
+ f_md5='318275e93d98011842314832fa08ecbf  -'
+ '[' '318275e93d98011842314832fa08ecbf  -' '!=' '318275e93d98011842314832fa08ecbf  -' ']'
+ return 0
+ sync_to_local_sysvol /var/cache/univention-samba4/sysvol-sync/wir-ucs-sl -auAX --dirs-update
+ local importdir=/var/cache/univention-samba4/sysvol-sync/wir-ucs-sl
+ shift
+ rsync_options=("$@")
+ local rsync_options
+ stderr_log_debug '[wir-ucs-sl] local sync from importdir to sysvol'
+ false
+ stderr_log_debug '[wir-ucs-sl] trying to get exclusive (write) lock on local sysvol'
+ false
+ timeout=60
+ flock --timeout=60 8
++ rsync -auAX --dirs-update /var/cache/univention-samba4/sysvol-sync/wir-ucs-sl/ /var/lib/samba/sysvol
+ out=
+ rsync_exitcode=0
+ '[' 0 -ne 0 ']'
+ sync_from_upstream_DC


#10

Und die Ausgabe vom Slave?


#11

slave1:

root@pkr-ucs-sl:~# bash -x /usr/share/univention-samba4/scripts/sysvol-sync.sh
+ . /usr/share/univention-lib/ucr.sh
++ /usr/sbin/univention-config-registry shell hostname samba4/sysvol/sync/host
+ eval 'hostname=pkr-ucs-sl
samba4_sysvol_sync_host=eusib-ucs-ma'
++ hostname=pkr-ucs-sl
++ samba4_sysvol_sync_host=eusib-ucs-ma
+ DEBUG=false
+ SYSVOL_PATH=/var/lib/samba/sysvol
+ SYSVOL_SYNCDIR=/var/cache/univention-samba4/sysvol-sync
+ SYSVOL_SYNC_TRIGGERDIR=/var/cache/univention-samba4/sysvol-sync/.trigger
+ PROCESS_LOCKFILE=/var/lock/sysvol-sync-process
+ SYSVOL_LOCKFILE=/var/lock/sysvol-sync-dir
+ LC_ALL=C
+ flock -un 9
+ '[' -d /var/cache/univention-samba4/sysvol-sync/.trigger ']'
+ chgrp 'DC Slave Hosts' /var/cache/univention-samba4/sysvol-sync/.trigger
+ chmod g+w /var/cache/univention-samba4/sysvol-sync/.trigger
+ is_ucr_true samba4/sysvol/sync/debug
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/debug
+ value=
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n ''
++ tr '[:upper:]' '[:lower:]'
+ return 2
+ is_ucr_true samba4/sysvol/sync/setfacl/AU
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/setfacl/AU
+ value=false
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n false
++ tr '[:upper:]' '[:lower:]'
+ return 1
+ '[' '!' 1 -eq 1 ']'
+ '[' '' = --overwrite-local ']'
+ default_rsync_options=("-auAX" "--dirs-update")
+ touch /var/lock/sysvol-sync-dir
+ chgrp 'DC Slave Hosts' /var/lock/sysvol-sync-dir
+ chmod g+w /var/lock/sysvol-sync-dir
+ sync_from_active_downstream_DCs
+ is_ucr_false samba4/sysvol/sync/from_downstream
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/from_downstream
+ value=
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n ''
++ tr '[:upper:]' '[:lower:]'
+ return 2
++ find /var/cache/univention-samba4/sysvol-sync/.trigger -mindepth 1 -maxdepth 1 -type f
+ sync_from_upstream_DC
+ for s4dc in '$samba4_sysvol_sync_host'
+ '[' eusib-ucs-ma = pkr-ucs-sl ']'
+ log_prefix=eusib-ucs-ma
+ importdir=/var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma
+ remote_login='pkr-ucs-sl$@eusib-ucs-ma'
+ trigger_upstream_sync 'pkr-ucs-sl$@eusib-ucs-ma'
+ local 'remote_login=pkr-ucs-sl$@eusib-ucs-ma'
+ stderr_log_debug '[eusib-ucs-ma] placing triggerfile.'
+ false
++ univention-ssh --no-split /etc/machine.secret 'pkr-ucs-sl$@eusib-ucs-ma' -o ServerAliveInterval=15 'mkdir -p "/var/cache/univention-samba4/sysvol-sync/.trigger"; touch "/var/cache/univention-samba4/sysvol-sync/.trigger/pkr-ucs-sl"'
+ out='Could not chdir to home directory /dev/null: Not a directory'
+ rsync_exitcode=0
+ '[' 0 -ne 0 ']'
+ '[' 0 -ne 0 ']'
+ is_ucr_false samba4/sysvol/sync/from_upstream
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/from_upstream
+ value=
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n ''
++ tr '[:upper:]' '[:lower:]'
+ return 2
+ stderr_log_debug '[eusib-ucs-ma] rsync check for changes on upstream DC'
+ false
+ rsync_options=("${default_rsync_options[@]}" --delete)
+ check_if_need_sync 'pkr-ucs-sl$@eusib-ucs-ma' /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma -auAX --dirs-update --delete
+ local 'remote_login=pkr-ucs-sl$@eusib-ucs-ma'
+ shift
+ local dst=/var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma
+ shift
+ rsync_options=("$@")
+ local rsync_options
+ local need_sync
+ local 'src=pkr-ucs-sl$@eusib-ucs-ma:/var/lib/samba/sysvol'
++ univention-ssh-rsync /etc/machine.secret --dry-run -v -auAX --dirs-update --delete 'pkr-ucs-sl$@eusib-ucs-ma:/var/lib/samba/sysvol/' /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma
++ tail --lines=+2
++ head --lines=-3
+ need_sync=
+ '[' -z '' ']'
+ return 1
+ '[' 1 -eq 0 ']'
+ stderr_log_debug '[eusib-ucs-ma] No upstream changes.'
+ false
+ all_files_and_dirs_have_acls /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma eusib-ucs-ma
++ ucr get domainname
+ local dir=/var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma/eusib.intranet/Policies
+ shift
+ local host=eusib-ucs-ma
+ '[' -d /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma/eusib.intranet/Policies ']'
+ stderr_log_debug '[eusib-ucs-ma] checking ACL'\''s'
+ false
++ getfacl -span -R /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma/eusib.intranet/Policies
++ md5sum
++ sed -ne 's/^# file: //p'
++ sort
+ a_md5='563747da7ccc80dd430548bbe367602e  -'
++ find /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma/eusib.intranet/Policies -type f -o -type d
++ sort
++ md5sum
+ f_md5='563747da7ccc80dd430548bbe367602e  -'
+ '[' '563747da7ccc80dd430548bbe367602e  -' '!=' '563747da7ccc80dd430548bbe367602e  -' ']'
+ return 0
+ sync_to_local_sysvol /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma -auAX --dirs-update
+ local importdir=/var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma
+ shift
+ rsync_options=("$@")
+ local rsync_options
+ stderr_log_debug '[eusib-ucs-ma] local sync from importdir to sysvol'
+ false
+ stderr_log_debug '[eusib-ucs-ma] trying to get exclusive (write) lock on local sysvol'
+ false
+ timeout=60
+ flock --timeout=60 8
++ rsync -auAX --dirs-update /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma/ /var/lib/samba/sysvol
+ out=
+ rsync_exitcode=0
+ '[' 0 -ne 0 ']'

slave2:

root@wir-ucs-sl:~# bash -x /usr/share/univention-samba4/scripts/sysvol-sync.sh
+ . /usr/share/univention-lib/ucr.sh
++ /usr/sbin/univention-config-registry shell hostname samba4/sysvol/sync/host
+ eval 'hostname=wir-ucs-sl
samba4_sysvol_sync_host=eusib-ucs-ma'
++ hostname=wir-ucs-sl
++ samba4_sysvol_sync_host=eusib-ucs-ma
+ DEBUG=false
+ SYSVOL_PATH=/var/lib/samba/sysvol
+ SYSVOL_SYNCDIR=/var/cache/univention-samba4/sysvol-sync
+ SYSVOL_SYNC_TRIGGERDIR=/var/cache/univention-samba4/sysvol-sync/.trigger
+ PROCESS_LOCKFILE=/var/lock/sysvol-sync-process
+ SYSVOL_LOCKFILE=/var/lock/sysvol-sync-dir
+ LC_ALL=C
+ flock -un 9
+ '[' -d /var/cache/univention-samba4/sysvol-sync/.trigger ']'
+ chgrp 'DC Slave Hosts' /var/cache/univention-samba4/sysvol-sync/.trigger
+ chmod g+w /var/cache/univention-samba4/sysvol-sync/.trigger
+ is_ucr_true samba4/sysvol/sync/debug
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/debug
+ value=
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n ''
++ tr '[:upper:]' '[:lower:]'
+ return 2
+ is_ucr_true samba4/sysvol/sync/setfacl/AU
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/setfacl/AU
+ value=false
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n false
++ tr '[:upper:]' '[:lower:]'
+ return 1
+ '[' '!' 1 -eq 1 ']'
+ '[' '' = --overwrite-local ']'
+ default_rsync_options=("-auAX" "--dirs-update")
+ touch /var/lock/sysvol-sync-dir
+ chgrp 'DC Slave Hosts' /var/lock/sysvol-sync-dir
+ chmod g+w /var/lock/sysvol-sync-dir
+ sync_from_active_downstream_DCs
+ is_ucr_false samba4/sysvol/sync/from_downstream
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/from_downstream
+ value=
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n ''
++ tr '[:upper:]' '[:lower:]'
+ return 2
++ find /var/cache/univention-samba4/sysvol-sync/.trigger -mindepth 1 -maxdepth 1 -type f
+ sync_from_upstream_DC
+ for s4dc in '$samba4_sysvol_sync_host'
+ '[' eusib-ucs-ma = wir-ucs-sl ']'
+ log_prefix=eusib-ucs-ma
+ importdir=/var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma
+ remote_login='wir-ucs-sl$@eusib-ucs-ma'
+ trigger_upstream_sync 'wir-ucs-sl$@eusib-ucs-ma'
+ local 'remote_login=wir-ucs-sl$@eusib-ucs-ma'
+ stderr_log_debug '[eusib-ucs-ma] placing triggerfile.'
+ false
++ univention-ssh --no-split /etc/machine.secret 'wir-ucs-sl$@eusib-ucs-ma' -o ServerAliveInterval=15 'mkdir -p "/var/cache/univention-samba4/sysvol-sync/.trigger"; touch "/var/cache/univention-samba4/sysvol-sync/.trigger/wir-ucs-sl"'
+ out='Could not chdir to home directory /dev/null: Not a directory'
+ rsync_exitcode=0
+ '[' 0 -ne 0 ']'
+ '[' 0 -ne 0 ']'
+ is_ucr_false samba4/sysvol/sync/from_upstream
+ local value
++ /usr/sbin/univention-config-registry get samba4/sysvol/sync/from_upstream
+ value=
+ case "$(echo -n "$value" | tr '[:upper:]' '[:lower:]')" in
++ echo -n ''
++ tr '[:upper:]' '[:lower:]'
+ return 2
+ stderr_log_debug '[eusib-ucs-ma] rsync check for changes on upstream DC'
+ false
+ rsync_options=("${default_rsync_options[@]}" --delete)
+ check_if_need_sync 'wir-ucs-sl$@eusib-ucs-ma' /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma -auAX --dirs-update --delete
+ local 'remote_login=wir-ucs-sl$@eusib-ucs-ma'
+ shift
+ local dst=/var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma
+ shift
+ rsync_options=("$@")
+ local rsync_options
+ local need_sync
+ local 'src=wir-ucs-sl$@eusib-ucs-ma:/var/lib/samba/sysvol'
++ univention-ssh-rsync /etc/machine.secret --dry-run -v -auAX --dirs-update --delete 'wir-ucs-sl$@eusib-ucs-ma:/var/lib/samba/sysvol/' /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma
++ tail --lines=+2
++ head --lines=-3
+ need_sync='./
eusib.intranet/
eusib.intranet/Policies/
eusib.intranet/Policies/{1042D6E0-BDAC-4698-8E86-C2DE9C81E8B4}/
eusib.intranet/Policies/{1042D6E0-BDAC-4698-8E86-C2DE9C81E8B4}/gpt.ini
eusib.intranet/Policies/{1042D6E0-BDAC-4698-8E86-C2DE9C81E8B4}/Machine/
eusib.intranet/Policies/{1042D6E0-BDAC-4698-8E86-C2DE9C81E8B4}/User/
eusib.intranet/Policies/{1042D6E0-BDAC-4698-8E86-C2DE9C81E8B4}/User/comment.cmtx
eusib.intranet/Policies/{1042D6E0-BDAC-4698-8E86-C2DE9C81E8B4}/User/registry.pol
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/GPT.INI
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/Machine/
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/User/
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/User/Documents & Settings/
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/User/Preferences/
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/User/Preferences/Printers/
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/User/Preferences/Printers/Printers.xml
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/User/Scripts/
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/User/Scripts/Logoff/
eusib.intranet/Policies/{11EFA724-0BEE-4769-B019-3CACA07592EB}/User/Scripts/Logon/
eusib.intranet/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/
eusib.intranet/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI
eusib.intranet/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/
eusib.intranet/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/GPT.INI
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/gpt.ini
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/comment.cmtx
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/registry.pol
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/Applications/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/Scripts/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/Scripts/Shutdown/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/Scripts/Startup/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/microsoft/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/microsoft/windows nt/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/microsoft/windows nt/SecEdit/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/User/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/User/Documents & Settings/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/User/Scripts/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/User/Scripts/Logoff/
eusib.intranet/Policies/{31BDEAA5-CDC4-4FA0-B8A0-3E1FC4508D18}/User/Scripts/Logon/
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/gpt.ini
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/Machine/
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/User/
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/User/comment.cmtx
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/User/registry.pol
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/User/Documents & Settings/
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/User/Preferences/
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/User/Preferences/FolderOptions/
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/User/Preferences/FolderOptions/FolderOptions.xml
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/User/Scripts/
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/User/Scripts/Logoff/
eusib.intranet/Policies/{3A6801F9-9540-44F5-9FF1-049F29E2DA24}/User/Scripts/Logon/
eusib.intranet/Policies/{3B3D0D2A-FE25-4B29-AABB-8E84E9E7F06C}/
eusib.intranet/Policies/{3B3D0D2A-FE25-4B29-AABB-8E84E9E7F06C}/GPT.INI
eusib.intranet/Policies/{3B3D0D2A-FE25-4B29-AABB-8E84E9E7F06C}/Machine/
eusib.intranet/Policies/{3B3D0D2A-FE25-4B29-AABB-8E84E9E7F06C}/Machine/Registry.pol
eusib.intranet/Policies/{3B3D0D2A-FE25-4B29-AABB-8E84E9E7F06C}/Machine/comment.cmtx
eusib.intranet/Policies/{3B3D0D2A-FE25-4B29-AABB-8E84E9E7F06C}/User/
eusib.intranet/Policies/{3B3D0D2A-FE25-4B29-AABB-8E84E9E7F06C}/User/Documents & Settings/
eusib.intranet/Policies/{3B3D0D2A-FE25-4B29-AABB-8E84E9E7F06C}/User/Scripts/
eusib.intranet/Policies/{3B3D0D2A-FE25-4B29-AABB-8E84E9E7F06C}/User/Scripts/Logoff/
eusib.intranet/Policies/{3B3D0D2A-FE25-4B29-AABB-8E84E9E7F06C}/User/Scripts/Logon/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/gpt.ini
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/Machine/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/Machine/Scripts/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/Machine/Scripts/Shutdown/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/Machine/Scripts/Startup/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/User/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/User/comment.cmtx
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/User/registry.pol
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/User/Applications/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/User/Documents & Settings/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/User/Documents & Settings/fdeploy.ini
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/User/Documents & Settings/fdeploy1.ini
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/User/Scripts/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/User/Scripts/Logoff/
eusib.intranet/Policies/{62097F97-2DCE-4780-B7A4-3C997B23AC1A}/User/Scripts/Logon/
eusib.intranet/Policies/{6396220E-2B8B-44A9-A927-3F437D9EB57E}/
eusib.intranet/Policies/{6396220E-2B8B-44A9-A927-3F437D9EB57E}/GPT.INI
eusib.intranet/Policies/{6396220E-2B8B-44A9-A927-3F437D9EB57E}/Machine/
eusib.intranet/Policies/{6396220E-2B8B-44A9-A927-3F437D9EB57E}/Machine/Registry.pol
eusib.intranet/Policies/{6396220E-2B8B-44A9-A927-3F437D9EB57E}/User/
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/gpt.ini
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/Machine/
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/User/
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/User/Registry.pol
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/User/comment.cmtx
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/User/Documents & Settings/
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/User/Preferences/
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/User/Preferences/Drives/
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/User/Preferences/Drives/Drives.xml
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/User/Scripts/
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/User/Scripts/Logoff/
eusib.intranet/Policies/{669DF754-7328-4E94-A8DF-B6A2D92974BB}/User/Scripts/Logon/
eusib.intranet/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/
eusib.intranet/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/GPT.INI
eusib.intranet/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/MACHINE/
eusib.intranet/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/USER/
eusib.intranet/Policies/{6BCE1ACA-D336-49F3-9CAA-277CCE13EDD4}/
eusib.intranet/Policies/{6BCE1ACA-D336-49F3-9CAA-277CCE13EDD4}/GPT.INI
eusib.intranet/Policies/{6BCE1ACA-D336-49F3-9CAA-277CCE13EDD4}/Machine/
eusib.intranet/Policies/{6BCE1ACA-D336-49F3-9CAA-277CCE13EDD4}/User/
eusib.intranet/Policies/{985CBC76-BFF9-45F3-845E-5FC6825A8F67}/
eusib.intranet/Policies/{985CBC76-BFF9-45F3-845E-5FC6825A8F67}/GPT.INI
eusib.intranet/Policies/{985CBC76-BFF9-45F3-845E-5FC6825A8F67}/Machine/
eusib.intranet/Policies/{985CBC76-BFF9-45F3-845E-5FC6825A8F67}/User/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/gpt.ini
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/Machine/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/Machine/Scripts/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/Machine/Scripts/Shutdown/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/Machine/Scripts/Startup/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/User/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/User/comment.cmtx
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/User/registry.pol
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/User/Applications/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/User/Documents & Settings/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/User/Documents & Settings/fdeploy.ini
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/User/Documents & Settings/fdeploy1.ini
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/User/Scripts/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/User/Scripts/Logoff/
eusib.intranet/Policies/{A2156B14-C036-4444-A292-40E9E879ED60}/User/Scripts/Logon/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/gpt.ini
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/Machine/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/Machine/Scripts/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/Machine/Scripts/Shutdown/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/Machine/Scripts/Startup/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/User/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/User/comment.cmtx
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/User/registry.pol
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/User/Applications/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/User/Documents & Settings/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/User/Documents & Settings/fdeploy.ini
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/User/Documents & Settings/fdeploy1.ini
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/User/Scripts/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/User/Scripts/Logoff/
eusib.intranet/Policies/{A36201FD-FB52-41E9-86B5-B92983F1B3F3}/User/Scripts/Logon/
eusib.intranet/Policies/{B292ADF8-6C03-4189-9482-FDF8D02ABAFE}/
eusib.intranet/Policies/{B292ADF8-6C03-4189-9482-FDF8D02ABAFE}/GPT.INI
eusib.intranet/Policies/{B292ADF8-6C03-4189-9482-FDF8D02ABAFE}/Machine/
eusib.intranet/Policies/{B292ADF8-6C03-4189-9482-FDF8D02ABAFE}/User/
eusib.intranet/Policies/{B292ADF8-6C03-4189-9482-FDF8D02ABAFE}/User/Preferences/
eusib.intranet/Policies/{B292ADF8-6C03-4189-9482-FDF8D02ABAFE}/User/Preferences/FolderOptions/
eusib.intranet/Policies/{B292ADF8-6C03-4189-9482-FDF8D02ABAFE}/User/Preferences/FolderOptions/FolderOptions.xml
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/GPT.INI
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/gpt.ini
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/Machine/
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/Machine/Scripts/
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/Machine/Scripts/Shutdown/
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/Machine/Scripts/Startup/
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/User/
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/User/comment.cmtx
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/User/registry.pol
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/User/Applications/
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/User/Documents & Settings/
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/User/Documents & Settings/fdeploy.ini
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/User/Documents & Settings/fdeploy1.ini
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/User/Scripts/
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/User/Scripts/Logoff/
eusib.intranet/Policies/{BEE85367-CC92-4946-87F4-71046554C229}/User/Scripts/Logon/
eusib.intranet/Policies/{C22DD52E-52A0-47FD-B022-A19E199814E8}/
eusib.intranet/Policies/{C22DD52E-52A0-47FD-B022-A19E199814E8}/GPT.INI
eusib.intranet/Policies/{C22DD52E-52A0-47FD-B022-A19E199814E8}/Machine/
eusib.intranet/Policies/{C22DD52E-52A0-47FD-B022-A19E199814E8}/Machine/Preferences/
eusib.intranet/Policies/{C22DD52E-52A0-47FD-B022-A19E199814E8}/Machine/Preferences/Groups/
eusib.intranet/Policies/{C22DD52E-52A0-47FD-B022-A19E199814E8}/Machine/Preferences/Groups/Groups.xml
eusib.intranet/Policies/{C22DD52E-52A0-47FD-B022-A19E199814E8}/User/
eusib.intranet/Policies/{C64E9EB8-41F6-4799-A9F7-78691EC6662E}/
eusib.intranet/Policies/{C64E9EB8-41F6-4799-A9F7-78691EC6662E}/GPT.INI
eusib.intranet/Policies/{C64E9EB8-41F6-4799-A9F7-78691EC6662E}/Machine/
eusib.intranet/Policies/{C64E9EB8-41F6-4799-A9F7-78691EC6662E}/User/
eusib.intranet/Policies/{C64E9EB8-41F6-4799-A9F7-78691EC6662E}/User/Preferences/
eusib.intranet/Policies/{C64E9EB8-41F6-4799-A9F7-78691EC6662E}/User/Preferences/Printers/
eusib.intranet/Policies/{C64E9EB8-41F6-4799-A9F7-78691EC6662E}/User/Preferences/Printers/Printers.xml
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/gpt.ini
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/Machine/
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/Machine/Scripts/
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/Machine/Scripts/Shutdown/
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/Machine/Scripts/Startup/
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/User/
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/User/comment.cmtx
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/User/registry.pol
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/User/Applications/
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/User/Documents & Settings/
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/User/Documents & Settings/fdeploy.ini
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/User/Documents & Settings/fdeploy1.ini
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/User/Scripts/
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/User/Scripts/Logoff/
eusib.intranet/Policies/{C84E7D6B-55EE-4040-8488-97E2A637DE31}/User/Scripts/Logon/
eusib.intranet/Policies/{D88464E6-875C-4BB8-90BD-323D2F80EBF5}/
eusib.intranet/Policies/{D88464E6-875C-4BB8-90BD-323D2F80EBF5}/GPT.INI
eusib.intranet/Policies/{D88464E6-875C-4BB8-90BD-323D2F80EBF5}/Machine/
eusib.intranet/Policies/{D88464E6-875C-4BB8-90BD-323D2F80EBF5}/User/
eusib.intranet/Policies/{D88464E6-875C-4BB8-90BD-323D2F80EBF5}/User/Preferences/
eusib.intranet/Policies/{D88464E6-875C-4BB8-90BD-323D2F80EBF5}/User/Preferences/Drives/
eusib.intranet/Policies/{D88464E6-875C-4BB8-90BD-323D2F80EBF5}/User/Preferences/Drives/Drives.xml
eusib.intranet/Policies/{DA05E6B0-E6E7-4542-8C4A-0C67577A2F25}/
eusib.intranet/Policies/{DA05E6B0-E6E7-4542-8C4A-0C67577A2F25}/GPT.INI
eusib.intranet/Policies/{DA05E6B0-E6E7-4542-8C4A-0C67577A2F25}/Machine/
eusib.intranet/Policies/{DA05E6B0-E6E7-4542-8C4A-0C67577A2F25}/Machine/Registry.pol
eusib.intranet/Policies/{DA05E6B0-E6E7-4542-8C4A-0C67577A2F25}/Machine/comment.cmtx
eusib.intranet/Policies/{DA05E6B0-E6E7-4542-8C4A-0C67577A2F25}/Machine/Scripts/
eusib.intranet/Policies/{DA05E6B0-E6E7-4542-8C4A-0C67577A2F25}/Machine/Scripts/Shutdown/
eusib.intranet/Policies/{DA05E6B0-E6E7-4542-8C4A-0C67577A2F25}/Machine/Scripts/Startup/
eusib.intranet/Policies/{DA05E6B0-E6E7-4542-8C4A-0C67577A2F25}/User/
eusib.intranet/Policies/{ED665999-55A3-471F-A352-B95F372B01F1}/
eusib.intranet/Policies/{ED665999-55A3-471F-A352-B95F372B01F1}/GPT.INI
eusib.intranet/Policies/{ED665999-55A3-471F-A352-B95F372B01F1}/Machine/
eusib.intranet/Policies/{ED665999-55A3-471F-A352-B95F372B01F1}/Machine/Registry.pol
eusib.intranet/Policies/{ED665999-55A3-471F-A352-B95F372B01F1}/Machine/comment.cmtx
eusib.intranet/Policies/{ED665999-55A3-471F-A352-B95F372B01F1}/User/
eusib.intranet/Policies/{ED665999-55A3-471F-A352-B95F372B01F1}/User/Registry.pol
eusib.intranet/Policies/{ED665999-55A3-471F-A352-B95F372B01F1}/User/comment.cmtx
eusib.intranet/Policies/{FA17C86F-9726-4C70-B85C-EF6AF3ED790A}/
eusib.intranet/Policies/{FA17C86F-9726-4C70-B85C-EF6AF3ED790A}/gpt.ini
eusib.intranet/Policies/{FA17C86F-9726-4C70-B85C-EF6AF3ED790A}/Machine/
eusib.intranet/Policies/{FA17C86F-9726-4C70-B85C-EF6AF3ED790A}/Machine/comment.cmtx
eusib.intranet/Policies/{FA17C86F-9726-4C70-B85C-EF6AF3ED790A}/Machine/registry.pol
eusib.intranet/Policies/{FA17C86F-9726-4C70-B85C-EF6AF3ED790A}/User/
eusib.intranet/Policies/{FA17C86F-9726-4C70-B85C-EF6AF3ED790A}/User/comment.cmtx
eusib.intranet/Policies/{FA17C86F-9726-4C70-B85C-EF6AF3ED790A}/User/registry.pol
eusib.intranet/Policies/{FF6226D1-C772-4CCE-8163-2059DD8C7EAA}/
eusib.intranet/Policies/{FF6226D1-C772-4CCE-8163-2059DD8C7EAA}/gpt.ini
eusib.intranet/Policies/{FF6226D1-C772-4CCE-8163-2059DD8C7EAA}/Machine/
eusib.intranet/Policies/{FF6226D1-C772-4CCE-8163-2059DD8C7EAA}/Machine/comment.cmtx
eusib.intranet/Policies/{FF6226D1-C772-4CCE-8163-2059DD8C7EAA}/Machine/registry.pol
eusib.intranet/Policies/{FF6226D1-C772-4CCE-8163-2059DD8C7EAA}/User/
eusib.intranet/Policies/{FF6226D1-C772-4CCE-8163-2059DD8C7EAA}/User/Registry.pol
eusib.intranet/Policies/{FF6226D1-C772-4CCE-8163-2059DD8C7EAA}/User/comment.cmtx
eusib.intranet/scripts/
eusib.intranet/scripts/italc-key.pub
eusib.intranet/scripts/italc-key_fanta-ucs-sl.pub
eusib.intranet/scripts/italc-key_fsr-ucs-sl.pub
eusib.intranet/scripts/italc-key_kiga-ucs-sl.pub
eusib.intranet/scripts/italc-key_pkr-ucs-sl.pub
eusib.intranet/scripts/ucs-school-logon.vbs
eusib.intranet/scripts/bginfo/
eusib.intranet/scripts/bginfo/Bginfo.exe
eusib.intranet/scripts/bginfo/Bginfo64.exe
eusib.intranet/scripts/bginfo/display.bgi
eusib.intranet/scripts/user/
eusib.intranet/scripts/user/Administrator.vbs
eusib.intranet/scripts/user/Guest.vbs

ganz viele user-scripte folgen

+ return 0
+ '[' 0 -eq 0 ']'
+ stderr_log_debug '[eusib-ucs-ma] rsync pull from upstream DC'
+ false
+ copy_sysvol_from 'wir-ucs-sl$@eusib-ucs-ma' /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma -auAX --dirs-update --delete
+ local 'remote_login=wir-ucs-sl$@eusib-ucs-ma'
+ shift
+ local importdir=/var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma
+ shift
+ rsync_options=("$@")
+ local rsync_options
+ local 'src=wir-ucs-sl$@eusib-ucs-ma:/var/lib/samba/sysvol'
+ get_remote_lock 'wir-ucs-sl$@eusib-ucs-ma'
+ local 'remote_login=wir-ucs-sl$@eusib-ucs-ma'
+ local pipe_dir
++ mktemp -d
+ pipe_dir=/tmp/tmp.r6EGuEVyjq
+ create_remote_locking_pipe /tmp/tmp.r6EGuEVyjq
+ local pipe_dir=/tmp/tmp.r6EGuEVyjq
+ trap 'close_remote_locking_pipe '\''/tmp/tmp.r6EGuEVyjq'\''' EXIT
+ for pipename in '"pipe0"' '"pipe1"'
+ mkfifo /tmp/tmp.r6EGuEVyjq/pipe0
+ for pipename in '"pipe0"' '"pipe1"'
+ mkfifo /tmp/tmp.r6EGuEVyjq/pipe1
+ return 0
+ stderr_log_debug '[eusib-ucs-ma] trying to get remote read lock'
+ false
+ timeout=30
+ univention-ssh --no-split /etc/machine.secret 'wir-ucs-sl$@eusib-ucs-ma' -o ServerAliveInterval=20 '(flock --timeout=30 -s 8 || exit 1; echo LOCKED; read WAIT;) 8>"/var/lock/sysvol-sync-dir"'
+ read REPLY
+ grep -v 'Could not chdir to home directory'
++ cat /tmp/tmp.r6EGuEVyjq/pipe0
+ '[' LOCKED '!=' LOCKED ']'
+ return 0
++ univention-ssh-rsync /etc/machine.secret -auAX --dirs-update --delete 'wir-ucs-sl$@eusib-ucs-ma:/var/lib/samba/sysvol/' /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma
+ out='Could not chdir to home directory /dev/null: Not a directory'
+ rsync_exitcode=0
+ '[' 0 -ne 0 ']'
++ close_remote_locking_pipe /tmp/tmp.r6EGuEVyjq
++ local pipe_dir=/tmp/tmp.r6EGuEVyjq
++ echo DONE
++ rm -rf /tmp/tmp.r6EGuEVyjq
+ '[' 0 -ne 0 ']'
+ all_files_and_dirs_have_acls /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma eusib-ucs-ma
++ ucr get domainname
+ local dir=/var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma/eusib.intranet/Policies
+ shift
+ local host=eusib-ucs-ma
+ '[' -d /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma/eusib.intranet/Policies ']'
+ stderr_log_debug '[eusib-ucs-ma] checking ACL'\''s'
+ false
++ getfacl -span -R /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma/eusib.intranet/Policies
++ sed -ne 's/^# file: //p'
++ sort
++ md5sum
+ a_md5='563747da7ccc80dd430548bbe367602e  -'
++ find /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma/eusib.intranet/Policies -type f -o -type d
++ sort
++ md5sum
+ f_md5='563747da7ccc80dd430548bbe367602e  -'
+ '[' '563747da7ccc80dd430548bbe367602e  -' '!=' '563747da7ccc80dd430548bbe367602e  -' ']'
+ return 0
+ sync_to_local_sysvol /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma -auAX --dirs-update
+ local importdir=/var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma
+ shift
+ rsync_options=("$@")
+ local rsync_options
+ stderr_log_debug '[eusib-ucs-ma] local sync from importdir to sysvol'
+ false
+ stderr_log_debug '[eusib-ucs-ma] trying to get exclusive (write) lock on local sysvol'
+ false
+ timeout=60
+ flock --timeout=60 8
++ rsync -auAX --dirs-update /var/cache/univention-samba4/sysvol-sync/.eusib-ucs-ma/ /var/lib/samba/sysvol
+ out=
+ rsync_exitcode=0
+ '[' 0 -ne 0 ']'



#12

Hallo,

hmm, eine konkrete Fehlermeldung sehe ich jetzt in der Ausgabe nicht. Diese hier “Could not aquire remote read lock after…” ist nicht total kritisch, es wird halt ein Lock angelegt, damit nicht zweit Rechner gleichzeitig das sysvol Verzeichnis “mergen”, es wird aber später einfach erneut versucht.

Ist den auf allen Slaves der Sysvol Sync Host korrekt?
Das ist der Server, auf dem alle Änderungen “gemergt” werden und von dem alle Slaves das sysol Verzeichnis synchronisieren. Auf den Slaves ist dieser in der UCR Variable samba4/sysvol/sync/host gespeichert.

Gibt es ein konkretes Beispiel für eine GPO, die nicht synchronisiert wird. Auf dem Slave sollte die GPO ja in /var/lib/samba/sysvol/… zu finden sein. Die Sysvol-Replikation synchronisiert dieses Verzeichnis auf den samba4/sysvol/sync/host Rechner (meist der UCS Master) in das Verzeichnis /var/cache/univention-samba4/sysvol-sync/$RECHNER_NAME wobei RECHNER_NAME der FQDN des UCS Slave ist. Ist die GPO dort vorhanden? Von dort aus geht es dann weiter in das /var/lib/samba/sysvol/… des Masters und die Slave synchronisieren dann ihrerseits wieder dieses Verzeichnis.

VG
Felix


#13

Hallo,
auf allen Slaves stimmt der Eintrag sync/host. Alle Einträge samba4/sysvol/sync sind auf allen Systemen gleich.

Mit dem Cache-Verzeichnis konnte ich das Problem jetzt genauer sehen. Es gibt zwei Slaves, bei denen es nicht funktioniert. Bei den anderen klappt es wie beschrieben:
GPO anlegen->landet auf dem sysvol des Slaves->landet im Cache des Master ->landet im sysvol des master->wird verteilt und landet auf allen slaves->landet im cache des Master (nur bei den slaves, die “funktionieren”)
Bei den anderen beiden slaves ist nach dem Erstellen der GPO und dem Anlegen im sysvol des slaves Schluss.
Auch die per cron ausgelösten trigger kann ich kurzzeitig im cache des Master sehen.
das sysvol-sync.log auf dem Slave zeigt keine Besonderheiten.
Die Einträge für die slaves auf dem Cache des Masters sind alle vorhanden.
Aber die Zeitstempel und Inhalte der defekten Slaves sind veraltet und unvollständig.


#14

Hallo

was sagt denn ein

univention-ssh-rsync /etc/machine.secret --dry-run -v -aAX --delete --delete-excluded 'eusib-ucs-ma$'@$SERVER:/var/lib/samba/sysvol/' /var/cache/univention-samba4/sysvol-sync/$SERVER

auf dem Master ($SERVER ist der Slave, auf dem der Sync nicht funktioniert)?

Ich habe auch nochmal in die Ausgabe des sync Script geschaut und sehe dort jetzt (vorher übersehen):

local 'src=eusib-ucs-ma$@wir-ucs-sl:/var/lib/samba/sysvol'
++ univention-ssh-rsync /etc/machine.secret --dry-run -v -aAX --delete --delete-excluded '--exclude=scripts/user/.*.vbs.[[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]][[:alnum:]]' 'eusib-ucs-ma$@wir-ucs-sl:/var/lib/samba/sysvol/' /var/cache/univention-samba4/sysvol-sync/wir-ucs-sl
++ tail --lines=+2
++ head --lines=-3
+ need_sync=
+ '[' -z '' ']'
+ return 1
+ '[' 1 -eq 0 ']'
+ stderr_log_debug '[wir-ucs-sl] No downstream changes.'

Er denkt also, es gibt keine Änderungen auf dem Slave. Warum sollte man hoffentlich an der Ausgabe des rsync dry run sehen.

VG
Felix


#15

Hallo,
danke für die Hilfe. Wir konnten die Probleme damit lösen. Bei dem einen Standort war keine Variable für Sysvol/sync/cron vorhanden.
Bei dem anderen löste auf dem master, dass Löschen des ssh Eintrags das Problem.

ssh-keygen -f "/root/.ssh/known_hosts" -R wir-ucs-sl