At one site I support, I have just recently put a policy file on their server to try and make some stuff easier to manage. Only problem is Windows is not even trying to load it. I watched the traffic in Wireshark, and there's no request for the ntconfig.pol file at all. And of course nothing from it is being applied. I had read that this can happen if someone has set the policy refresh settings to never refresh (or manually or whatever it is), but I have checked this and tried with a newly installed Windows machine, and it still doesn't work. Is there some special setting I am missing? What is the bare minimum for ntconfig.pol to apply? What should the netlogon share definition look like? Global config options that seem relevent are: [global] workgroup = CRDC domain master = yes prefered master = yes domain logons = yes logon path = \\%L\profiles\%U logon script = logon.bat dns proxy = no name resolve order = lmhosts host wins bcast security = user guest account = nobody encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . pam password change = yes socket options = TCP_NODELAY The share definition looks like this: [netlogon] comment = Network Logon Service path = /samba/netlogon guest ok = no writable = yes browsable = no write list = mwheeler, tin, root TB
did you name it NTConfig.POL and put it in /samba/netlogon and only 2000-Vista clients will load that. for win 95/98 clients I think it needs to be called Config.POL. Tim Bates wrote:> At one site I support, I have just recently put a policy file on their > server to try and make some stuff easier to manage. Only problem is > Windows is not even trying to load it. I watched the traffic in > Wireshark, and there's no request for the ntconfig.pol file at all. And > of course nothing from it is being applied. > I had read that this can happen if someone has set the policy refresh > settings to never refresh (or manually or whatever it is), but I have > checked this and tried with a newly installed Windows machine, and it > still doesn't work. > > Is there some special setting I am missing? What is the bare minimum for > ntconfig.pol to apply? What should the netlogon share definition look > like? > > Global config options that seem relevent are: > [global] > workgroup = CRDC > domain master = yes > prefered master = yes > domain logons = yes > logon path = \\%L\profiles\%U > logon script = logon.bat > dns proxy = no > name resolve order = lmhosts host wins bcast > security = user > guest account = nobody > encrypt passwords = true > passdb backend = tdbsam > obey pam restrictions = yes > unix password sync = yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n . > pam password change = yes > socket options = TCP_NODELAY > > > The share definition looks like this: > [netlogon] > comment = Network Logon Service > path = /samba/netlogon > guest ok = no > writable = yes > browsable = no > write list = mwheeler, tin, root > > > > TB >