Hi Guys, I am trying to connect Windows 10 to Samba domain controller. Windows 10 fails to get GPO’s because it can’t access SysVol with permissions. The domain Windows 10 is going through for SysVol would be \\example.com\SysVol when I navigate to this as Admin it does not let me go with credentials however if I use the servers hostname \\voyager\Sysvol I can access the directory. We have a fair few Windows 8 clients that have no problems. Any suggestions would be greatly appreciated. Kind Regards From Australia
try these settings for your GPO. Solution: GPEDIT.MSC -> Computer -> Administrative templates -> Network -> Networkprovider -> Hardened UNC Paths Added \\foo.lan\netlogon and Value: RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0 add \\foo\netlogon also Greetz, Louis>-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens Thomas Miller >Verzonden: maandag 10 augustus 2015 11:17 >Aan: samba at lists.samba.org >Onderwerp: [Samba] Samba Windows 10 > >Hi Guys, > >I am trying to connect Windows 10 to Samba domain controller. >Windows 10 fails to get GPO’s because it can’t access SysVol >with permissions. > >The domain Windows 10 is going through for SysVol would be >\\example.com\SysVol when I navigate to this as Admin it does >not let me go with credentials however if I use the servers >hostname \\voyager\Sysvol I can access the directory. We have >a fair few Windows 8 clients that have no problems. > >Any suggestions would be greatly appreciated. > >Kind Regards From Australia >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
On Mon, 2015-08-10 at 11:31 +0200, L.P.H. van Belle wrote:> try these settings for your GPO. > > > Solution: GPEDIT.MSC -> Computer -> Administrative templates -> > Network > -> Networkprovider -> Hardened UNC Paths > > Added > > \\foo.lan\netlogon and Value: > RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0 > > add > \\foo\netlogon also >This really shouldn't be required, and makes the situation much less secure (GPOs can execute arbitrary code on the client). If this really is neeeded, please file a bug so we can investigate it. MS DFS referrals should be handling the \\domain.com\sysvol share. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba