On 11/04/16 20:50, Luca Bertoncello wrote:
> Rowland penny <rpenny at samba.org> wrote:
>
>> Can you post your entire smb.conf
>> What OS ?
>> What Samba version ?
> Samba 4.1.6 on Ubuntu 14.04.
> My smb.conf:
>
> # Global parameters
> [global]
>          workgroup = CCH
>          realm = CCH.INTRA
>          netbios name = MAIN
>          interfaces = lo, br50
>          bind interfaces only = Yes
>          server role = active directory domain controller
>          dns forwarder = 192.168.8.19
>          idmap_ldb:use rfc2307 = yes
>
> # So that users can also log in on Linux
>          template shell = /bin/bash
> # Home directory in /home
>          template homedir = /home/%ACCOUNTNAME%
> # Create the home directory automatically
>          root preexec = /etc/samba/mkhomedir.sh %ACCOUNTNAME%
>
> [netlogon]
>          path = /var/lib/samba/sysvol/cch.intra/scripts
>          read only = No
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
>
> [homes]
>          comment = Home Directories
>          browseable = no
>          writable = yes
>          create mode = 0660
>          directory mode = 0700
>          browseable = yes
>          read only = no
>          create mask = 0770
>          directory mask = 0770
>          force user = "CCH.INTRA\%U"
>          force group = users
>
> [cch]
>          comment = Public Stuff
>          path = /home/shares/cch
>          public = yes
>          writable = yes
>          browseable = yes
>          force group = users
>          create mode = 0660
>          directory mode = 0770
>
> [kfzwin]
>          comment = KFZ-Win
>          path = /home/shares/kfzwin
>          public = yes
>          writable = yes
>          browseable = yes
>          force group = users
>          create mode = 0660
>          directory mode = 0770
>
> [wininst$]
>          comment = Installationsimages
>          path = /home/shares/wininst
>          public = yes
>          writable = no
>          browseable = yes
>          guest ok = yes
>
> [tools]
>          comment = Für die Admins
>          path = /home/shares/tools
>          public = no
>          writable = yes
>          browseable = yes
>          valid users = +"CCH.INTRA\Domain Admins"
>          force group = "CCH.INTRA\Domain Admins"
>          create mode = 0660
>          directory mode = 0770
>
> [gp$]
>          comment = Programme zu installieren
>          path = /home/shares/gp
>          public = yes
>          writable = yes
>          browseable = no
>          valid users = +"CCH.INTRA\Domain Users"
>          force group = "CCH.INTRA\Domain Users"
>
> Thanks
> Luca Bertoncello
> (lucabert at lucabert.de)
>
You seem to be setting up your AD DC as if it was a Samba 3 machine, you
would probably be better off setting it up using ACLs instead of 'valid
users' etc:
https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
Also [homes] doesn't work on 4.1.x, see:
https://wiki.samba.org/index.php/User_home_drives
Finally 'browseable' is redundant on a Samba AD DC, there is no browsing
on an AD DC.
Rowland
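
The three points in the reply above, turned into a small check over an smb.conf, as an added example that is not part of the original thread. The function names, finding messages and sample config are constructed for illustration, and the parser assumes plain `key = value` lines (no `include` files or line continuations).

```python
import re

# Constructed sample in the style of the smb.conf quoted above (not the full file).
SAMPLE = """\
[global]
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
[homes]
    browseable = no
    browseable = yes
[tools]
    path = /home/shares/tools
    valid users = +"CCH.INTRA\\Domain Admins"
"""

def parse(text):
    """Return [(section, [(lineno, key, value), ...])], keeping duplicate keys."""
    sections = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            sections.append((m.group(1).strip().lower(), []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split on '=' only: keys may contain ':'
            key = " ".join(key.lower().split())  # normalise case and spacing
            sections[-1][1].append((n, key, value.strip()))
    return sections

def lint(text):
    """Flag the items the reply names, but only when the file configures an AD DC."""
    sections = parse(text)
    is_dc = any(k == "server role" and "domain controller" in v.lower()
                for name, params in sections if name == "global"
                for _, k, v in params)
    findings = []
    for name, params in sections if is_dc else []:
        if name == "homes":
            findings.append((name, 0, "[homes] share section"))
        for n, key, _ in params:
            if key == "valid users":
                findings.append((name, n, "'valid users' instead of ACLs"))
            elif key in ("browseable", "browsable"):
                findings.append((name, n, "'browseable' is redundant"))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

Each finding is `(section, line number, message)`; line 0 marks a finding about the section itself rather than one parameter.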