Let me guess. You accessing your server like : \\servername\netlogon of \\servername\sysvol Well thats protected by windows these these days. Try with \\servername.domain.tld\netlogon or \\servername.domain.tld\sysvol Does that work? Yes, There is a whole chaper of this on the list somewhere.. Best is to read howto override this. https://adsecurity.org/?p=1405 and for you member server, how is you share setup. did you remove "authenticated users" ? if so best is that you add "domain computer" or authenticated users back. And if you did not remove "authenticated users" from the share. Please post your share setup and rights for the shared folder. AND the rights of the folder below the shared folder. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Viktor Trojanovic > Verzonden: dinsdag 17 november 2015 15:01 > Aan: mathias dufresne; samba at lists.samba.org > Onderwerp: Re: [Samba] Permission Issues with GPO > > Hi Mathias, > > The problem is not the GPO itself. The GPO containers are stored, as > they should be, in the file system under sysvol/AD-DOMAIN/Policies, and > they are being accessed correctly by the respective users and computers. > > Maybe my question isn't phrased perfectly but my problem is that any > *computer GPO* that is accessing my file server (Samba Member), fails > with an access denied error. To give you an example. I might have a > startup script that is supposed to copy a file from the file server, > let's say an MS Word template, to the AD computer. The GPO itself is > saved on the DC and it is called correctly but the access to my file > server is being denied, the copy transaction is not happening. > > There is a permission problem and I'm trying to figure out what it is. > The reason I'm posting this here is because I assume there is a link > between my Samba settings on the file server, and their connection to > the Samba DC that are responsible for this problem as this is not > standard behavior. > > Viktor > > > > On 17.11.2015 13:30, mathias dufresne wrote: > > Hey, > > > > If your GPO are stored in AD (they are not template GPO with all GPO > > information in some file, I think this kind of non-pure-AD GPO are > stored > > in ADMX files, not sure). > > In GPMC.msc you have to define which entities would receive the GPO. > Once > > created the GPO, once it is set up, you have in the right panel two > parts. > > The bottom part is to define to whom this GPO would be applied. > > > > In that case, GPO ownership should be reset by AD (don't asked me which > > part of AD) if you modify GPO ACLs manually. > > > > In clear: you must use GPMC.msc to manage GPO ACLs. This if they are not > > template. > > > > Hoping this could help to find a solution. > > > > mathias > > > > 2015-11-17 4:04 GMT+01:00 Viktor Trojanovic <viktor at troja.ch>: > > > >> I was experiencing problems with Group Policy Objects. The Windows > Event > >> Viewer spits out so many different errors, most of them less than > helpful, > >> so Iwas seeking help here with some of those messages. > >> > >> In the end, and after many hours and even days of researching this > >> problem, I seem to have pin-pointed the main issue to some simple > >> permission irregularities that I don't know how to solve. > >> > >> In my setup, I have an AD DC and a member server, the latter in the > >> function of a file server. Both are a Samba-only implementation based > on > >> version 4.3.1 of the server. > >> > >> Everything seems to work well enough, I never noticed any issue when > >> working in a user context - I can authenticate, and I can use the file > >> server as intended. But evidently, any policies that require access to > the > >> file server in a machine context (computer configuration node of the > GPO), > >> fail. I was able to confirm that in multiple tests. > >> > >> I'm at my wit's end as it seems to me that all the necessary share > >> permissions and NTACLs are in place. I even followed the advice I could > >> find on some forum pages to add the group "domain computers" to the > share > >> permissions but that didn't help either. > >> > >> Any advice or best practices? I can't imagine this should be so > >> complicated. > >> > >> Viktor > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > >> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Hi Louis, As I mentioned, but maybe not clear enough, there is no problem accessing my Domain Controller, it works fine, even without using the whole domain. Before posting my share permissions, can you please elaborate what you mean with "have you removed authenticated users from your share"? I never had any rights for "authenticated users" on any of my shares. Maybe I'm setting up shares in the wrong way? [global] netbios name = FILESERVER workgroup = SAMDOM security = ADS realm = SAMDOM.EXAMPLE.COM dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab username map = /etc/samba/samba_usermap idmap config *:backend = tdb idmap config *:range = 2000-9999 idmap config OFFICE:backend = ad idmap config OFFICE:schema_mode = rfc2307 idmap config OFFICE:range = 10000-99999 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = yes [packages] path = /srv/samba/packages read only = no browsable = yes comment = "Software Packages" On 17.11.2015 15:30, L.P.H. van Belle wrote:> Let me guess. > > You accessing your server like : > > \\servername\netlogon > of > \\servername\sysvol > > Well thats protected by windows these these days. > > Try with > > \\servername.domain.tld\netlogon > or > \\servername.domain.tld\sysvol > > Does that work? Yes, > > There is a whole chaper of this on the list somewhere.. > Best is to read howto override this. > https://adsecurity.org/?p=1405 > > and for you member server, how is you share setup. > did you remove "authenticated users" ? > if so best is that you add "domain computer" or authenticated users back. > And if you did not remove "authenticated users" from the share. > > Please post your share setup and rights for the shared folder. > AND the rights of the folder below the shared folder. > > > Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Viktor Trojanovic >> Verzonden: dinsdag 17 november 2015 15:01 >> Aan: mathias dufresne; samba at lists.samba.org >> Onderwerp: Re: [Samba] Permission Issues with GPO >> >> Hi Mathias, >> >> The problem is not the GPO itself. The GPO containers are stored, as >> they should be, in the file system under sysvol/AD-DOMAIN/Policies, and >> they are being accessed correctly by the respective users and computers. >> >> Maybe my question isn't phrased perfectly but my problem is that any >> *computer GPO* that is accessing my file server (Samba Member), fails >> with an access denied error. To give you an example. I might have a >> startup script that is supposed to copy a file from the file server, >> let's say an MS Word template, to the AD computer. The GPO itself is >> saved on the DC and it is called correctly but the access to my file >> server is being denied, the copy transaction is not happening. >> >> There is a permission problem and I'm trying to figure out what it is. >> The reason I'm posting this here is because I assume there is a link >> between my Samba settings on the file server, and their connection to >> the Samba DC that are responsible for this problem as this is not >> standard behavior. >> >> Viktor >> >> >> >> On 17.11.2015 13:30, mathias dufresne wrote: >>> Hey, >>> >>> If your GPO are stored in AD (they are not template GPO with all GPO >>> information in some file, I think this kind of non-pure-AD GPO are >> stored >>> in ADMX files, not sure). >>> In GPMC.msc you have to define which entities would receive the GPO. >> Once >>> created the GPO, once it is set up, you have in the right panel two >> parts. >>> The bottom part is to define to whom this GPO would be applied. >>> >>> In that case, GPO ownership should be reset by AD (don't asked me which >>> part of AD) if you modify GPO ACLs manually. >>> >>> In clear: you must use GPMC.msc to manage GPO ACLs. This if they are not >>> template. >>> >>> Hoping this could help to find a solution. >>> >>> mathias >>> >>> 2015-11-17 4:04 GMT+01:00 Viktor Trojanovic <viktor at troja.ch>: >>> >>>> I was experiencing problems with Group Policy Objects. The Windows >> Event >>>> Viewer spits out so many different errors, most of them less than >> helpful, >>>> so Iwas seeking help here with some of those messages. >>>> >>>> In the end, and after many hours and even days of researching this >>>> problem, I seem to have pin-pointed the main issue to some simple >>>> permission irregularities that I don't know how to solve. >>>> >>>> In my setup, I have an AD DC and a member server, the latter in the >>>> function of a file server. Both are a Samba-only implementation based >> on >>>> version 4.3.1 of the server. >>>> >>>> Everything seems to work well enough, I never noticed any issue when >>>> working in a user context - I can authenticate, and I can use the file >>>> server as intended. But evidently, any policies that require access to >> the >>>> file server in a machine context (computer configuration node of the >> GPO), >>>> fail. I was able to confirm that in multiple tests. >>>> >>>> I'm at my wit's end as it seems to me that all the necessary share >>>> permissions and NTACLs are in place. I even followed the advice I could >>>> find on some forum pages to add the group "domain computers" to the >> share >>>> permissions but that didn't help either. >>>> >>>> Any advice or best practices? I can't imagine this should be so >>>> complicated. >>>> >>>> Viktor >>>> >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >>>> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > >
Hai Viktor,> > Before posting my share permissions, can you please elaborate what you > mean with "have you removed authenticated users from your share"? I > never had any rights for "authenticated users" on any of my shares.Ah sorry, yes, that was "everybody" ( my error ) keep it> > Maybe I'm setting up shares in the wrong way? > ..... > [packages] > path = /srv/samba/packages > read only = no > browsable = yes > comment = "Software Packages" >Your config is ok, but i would add acl_xattr:ignore system acls = yes to the packages share. See man smb.conf for what it exact does, but for a "windows" only share, i would always set it. This is what i have for my distribution share. [public] ## chmod 755 on /home/samba/public ## rights root:root, but due to the ignore this is ignored.. ## browseable = yes path = /home/samba/public read only = no acl_xattr:ignore system acls = yes and i added "veryfied users" to the security tab with read rights. Which the domain computers also need. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: Viktor Trojanovic [mailto:viktor at troja.ch] > Verzonden: dinsdag 17 november 2015 16:18 > Aan: L.P.H. van Belle; samba at lists.samba.org > Onderwerp: Re: [Samba] Permission Issues with GPO > > Hi Louis, > > As I mentioned, but maybe not clear enough, there is no problem > accessing my Domain Controller, it works fine, even without using the > whole domain. > > Before posting my share permissions, can you please elaborate what you > mean with "have you removed authenticated users from your share"? I > never had any rights for "authenticated users" on any of my shares. > > Maybe I'm setting up shares in the wrong way? > > [global] > > netbios name = FILESERVER > workgroup = SAMDOM > security = ADS > realm = SAMDOM.EXAMPLE.COM > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > > username map = /etc/samba/samba_usermap > > idmap config *:backend = tdb > idmap config *:range = 2000-9999 > idmap config OFFICE:backend = ad > idmap config OFFICE:schema_mode = rfc2307 > idmap config OFFICE:range = 10000-99999 > > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind refresh tickets = Yes > > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = yes > > > [packages] > path = /srv/samba/packages > read only = no > browsable = yes > comment = "Software Packages" > > > > > On 17.11.2015 15:30, L.P.H. van Belle wrote: > > Let me guess. > > > > You accessing your server like : > > > > \\servername\netlogon > > of > > \\servername\sysvol > > > > Well thats protected by windows these these days. > > > > Try with > > > > \\servername.domain.tld\netlogon > > or > > \\servername.domain.tld\sysvol > > > > Does that work? Yes, > > > > There is a whole chaper of this on the list somewhere.. > > Best is to read howto override this. > > https://adsecurity.org/?p=1405 > > > > and for you member server, how is you share setup. > > did you remove "authenticated users" ? > > if so best is that you add "domain computer" or authenticated users > back. > > And if you did not remove "authenticated users" from the share. > > > > Please post your share setup and rights for the shared folder. > > AND the rights of the folder below the shared folder. > > > > > > Greetz, > > > > Louis > > > > > > > >> -----Oorspronkelijk bericht----- > >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Viktor > Trojanovic > >> Verzonden: dinsdag 17 november 2015 15:01 > >> Aan: mathias dufresne; samba at lists.samba.org > >> Onderwerp: Re: [Samba] Permission Issues with GPO > >> > >> Hi Mathias, > >> > >> The problem is not the GPO itself. The GPO containers are stored, as > >> they should be, in the file system under sysvol/AD-DOMAIN/Policies, and > >> they are being accessed correctly by the respective users and > computers. > >> > >> Maybe my question isn't phrased perfectly but my problem is that any > >> *computer GPO* that is accessing my file server (Samba Member), fails > >> with an access denied error. To give you an example. I might have a > >> startup script that is supposed to copy a file from the file server, > >> let's say an MS Word template, to the AD computer. The GPO itself is > >> saved on the DC and it is called correctly but the access to my file > >> server is being denied, the copy transaction is not happening. > >> > >> There is a permission problem and I'm trying to figure out what it is. > >> The reason I'm posting this here is because I assume there is a link > >> between my Samba settings on the file server, and their connection to > >> the Samba DC that are responsible for this problem as this is not > >> standard behavior. > >> > >> Viktor > >> > >> > >> > >> On 17.11.2015 13:30, mathias dufresne wrote: > >>> Hey, > >>> > >>> If your GPO are stored in AD (they are not template GPO with all GPO > >>> information in some file, I think this kind of non-pure-AD GPO are > >> stored > >>> in ADMX files, not sure). > >>> In GPMC.msc you have to define which entities would receive the GPO. > >> Once > >>> created the GPO, once it is set up, you have in the right panel two > >> parts. > >>> The bottom part is to define to whom this GPO would be applied. > >>> > >>> In that case, GPO ownership should be reset by AD (don't asked me > which > >>> part of AD) if you modify GPO ACLs manually. > >>> > >>> In clear: you must use GPMC.msc to manage GPO ACLs. This if they are > not > >>> template. > >>> > >>> Hoping this could help to find a solution. > >>> > >>> mathias > >>> > >>> 2015-11-17 4:04 GMT+01:00 Viktor Trojanovic <viktor at troja.ch>: > >>> > >>>> I was experiencing problems with Group Policy Objects. The Windows > >> Event > >>>> Viewer spits out so many different errors, most of them less than > >> helpful, > >>>> so Iwas seeking help here with some of those messages. > >>>> > >>>> In the end, and after many hours and even days of researching this > >>>> problem, I seem to have pin-pointed the main issue to some simple > >>>> permission irregularities that I don't know how to solve. > >>>> > >>>> In my setup, I have an AD DC and a member server, the latter in the > >>>> function of a file server. Both are a Samba-only implementation based > >> on > >>>> version 4.3.1 of the server. > >>>> > >>>> Everything seems to work well enough, I never noticed any issue when > >>>> working in a user context - I can authenticate, and I can use the > file > >>>> server as intended. But evidently, any policies that require access > to > >> the > >>>> file server in a machine context (computer configuration node of the > >> GPO), > >>>> fail. I was able to confirm that in multiple tests. > >>>> > >>>> I'm at my wit's end as it seems to me that all the necessary share > >>>> permissions and NTACLs are in place. I even followed the advice I > could > >>>> find on some forum pages to add the group "domain computers" to the > >> share > >>>> permissions but that didn't help either. > >>>> > >>>> Any advice or best practices? I can't imagine this should be so > >>>> complicated. > >>>> > >>>> Viktor > >>>> > >>>> -- > >>>> To unsubscribe from this list go to the following URL and read the > >>>> instructions: https://lists.samba.org/mailman/options/samba > >>>> > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > > > >
Here are my (little) view regarding shares accesses. I write that to clarify things. And it could really be of-topic as Louis seems to have gave solution. There are 2 levels of authorisation for accessing shares: the share level and FS level. For Sysvol I would keep everyone or replace it by "authenticated users" in paranoid mode as the latter refuse non-authenticated users. They are ACLs placed on Shares. Doing that all users or only authenticated users can access the share (ie mount it). Now the FS level happens once the share is mounted (or accessed) and one system users tries to open some file or directory. They are ACLs on files and directories. Any users (or computer) must go across these two levels of ACLs to access files or directories. Now regarding GPO ACLs which are partly hosted on Sysvol the same concepts applies: Sysvol share ACLs + File on FS ACLs. Regarding ACLs for GPO files, if the GPO was created with GPMC.msc, the GPO is mainly stored in AD (don't ask me what resides on Sysvol) and in AD are also stored correct ACLs on GPO's files. I said that because I naively tried to modify ACLs on my GPMC.msc-created-GPO and these changes were automatically reset to the ones declared in AD. Perhaps that could help someone... Cheers, mathias 2015-11-17 16:44 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:> Hai Viktor, > > > > > Before posting my share permissions, can you please elaborate what you > > mean with "have you removed authenticated users from your share"? I > > never had any rights for "authenticated users" on any of my shares. > > Ah sorry, yes, that was "everybody" ( my error ) keep it > > > > > Maybe I'm setting up shares in the wrong way? > > ..... > > [packages] > > path = /srv/samba/packages > > read only = no > > browsable = yes > > comment = "Software Packages" > > > > Your config is ok, but i would add > acl_xattr:ignore system acls = yes > to the packages share. > > See man smb.conf for what it exact does, but for a "windows" only share, > i would always set it. > > This is what i have for my distribution share. > > [public] > ## chmod 755 on /home/samba/public > ## rights root:root, but due to the ignore this is ignored.. > ## > browseable = yes > path = /home/samba/public > read only = no > acl_xattr:ignore system acls = yes > > > and i added "veryfied users" to the security tab with read rights. > Which the domain computers also need. > > > Greetz, > > Louis > > > > -----Oorspronkelijk bericht----- > > Van: Viktor Trojanovic [mailto:viktor at troja.ch] > > Verzonden: dinsdag 17 november 2015 16:18 > > Aan: L.P.H. van Belle; samba at lists.samba.org > > Onderwerp: Re: [Samba] Permission Issues with GPO > > > > Hi Louis, > > > > As I mentioned, but maybe not clear enough, there is no problem > > accessing my Domain Controller, it works fine, even without using the > > whole domain. > > > > Before posting my share permissions, can you please elaborate what you > > mean with "have you removed authenticated users from your share"? I > > never had any rights for "authenticated users" on any of my shares. > > > > Maybe I'm setting up shares in the wrong way? > > > > [global] > > > > netbios name = FILESERVER > > workgroup = SAMDOM > > security = ADS > > realm = SAMDOM.EXAMPLE.COM > > dedicated keytab file = /etc/krb5.keytab > > kerberos method = secrets and keytab > > > > username map = /etc/samba/samba_usermap > > > > idmap config *:backend = tdb > > idmap config *:range = 2000-9999 > > idmap config OFFICE:backend = ad > > idmap config OFFICE:schema_mode = rfc2307 > > idmap config OFFICE:range = 10000-99999 > > > > winbind nss info = rfc2307 > > winbind trusted domains only = no > > winbind use default domain = yes > > winbind enum users = yes > > winbind enum groups = yes > > winbind refresh tickets = Yes > > > > vfs objects = acl_xattr > > map acl inherit = Yes > > store dos attributes = yes > > > > > > [packages] > > path = /srv/samba/packages > > read only = no > > browsable = yes > > comment = "Software Packages" > > > > > > > > > > On 17.11.2015 15:30, L.P.H. van Belle wrote: > > > Let me guess. > > > > > > You accessing your server like : > > > > > > \\servername\netlogon > > > of > > > \\servername\sysvol > > > > > > Well thats protected by windows these these days. > > > > > > Try with > > > > > > \\servername.domain.tld\netlogon > > > or > > > \\servername.domain.tld\sysvol > > > > > > Does that work? Yes, > > > > > > There is a whole chaper of this on the list somewhere.. > > > Best is to read howto override this. > > > https://adsecurity.org/?p=1405 > > > > > > and for you member server, how is you share setup. > > > did you remove "authenticated users" ? > > > if so best is that you add "domain computer" or authenticated users > > back. > > > And if you did not remove "authenticated users" from the share. > > > > > > Please post your share setup and rights for the shared folder. > > > AND the rights of the folder below the shared folder. > > > > > > > > > Greetz, > > > > > > Louis > > > > > > > > > > > >> -----Oorspronkelijk bericht----- > > >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Viktor > > Trojanovic > > >> Verzonden: dinsdag 17 november 2015 15:01 > > >> Aan: mathias dufresne; samba at lists.samba.org > > >> Onderwerp: Re: [Samba] Permission Issues with GPO > > >> > > >> Hi Mathias, > > >> > > >> The problem is not the GPO itself. The GPO containers are stored, as > > >> they should be, in the file system under sysvol/AD-DOMAIN/Policies, > and > > >> they are being accessed correctly by the respective users and > > computers. > > >> > > >> Maybe my question isn't phrased perfectly but my problem is that any > > >> *computer GPO* that is accessing my file server (Samba Member), fails > > >> with an access denied error. To give you an example. I might have a > > >> startup script that is supposed to copy a file from the file server, > > >> let's say an MS Word template, to the AD computer. The GPO itself is > > >> saved on the DC and it is called correctly but the access to my file > > >> server is being denied, the copy transaction is not happening. > > >> > > >> There is a permission problem and I'm trying to figure out what it is. > > >> The reason I'm posting this here is because I assume there is a link > > >> between my Samba settings on the file server, and their connection to > > >> the Samba DC that are responsible for this problem as this is not > > >> standard behavior. > > >> > > >> Viktor > > >> > > >> > > >> > > >> On 17.11.2015 13:30, mathias dufresne wrote: > > >>> Hey, > > >>> > > >>> If your GPO are stored in AD (they are not template GPO with all GPO > > >>> information in some file, I think this kind of non-pure-AD GPO are > > >> stored > > >>> in ADMX files, not sure). > > >>> In GPMC.msc you have to define which entities would receive the GPO. > > >> Once > > >>> created the GPO, once it is set up, you have in the right panel two > > >> parts. > > >>> The bottom part is to define to whom this GPO would be applied. > > >>> > > >>> In that case, GPO ownership should be reset by AD (don't asked me > > which > > >>> part of AD) if you modify GPO ACLs manually. > > >>> > > >>> In clear: you must use GPMC.msc to manage GPO ACLs. This if they are > > not > > >>> template. > > >>> > > >>> Hoping this could help to find a solution. > > >>> > > >>> mathias > > >>> > > >>> 2015-11-17 4:04 GMT+01:00 Viktor Trojanovic <viktor at troja.ch>: > > >>> > > >>>> I was experiencing problems with Group Policy Objects. The Windows > > >> Event > > >>>> Viewer spits out so many different errors, most of them less than > > >> helpful, > > >>>> so Iwas seeking help here with some of those messages. > > >>>> > > >>>> In the end, and after many hours and even days of researching this > > >>>> problem, I seem to have pin-pointed the main issue to some simple > > >>>> permission irregularities that I don't know how to solve. > > >>>> > > >>>> In my setup, I have an AD DC and a member server, the latter in the > > >>>> function of a file server. Both are a Samba-only implementation > based > > >> on > > >>>> version 4.3.1 of the server. > > >>>> > > >>>> Everything seems to work well enough, I never noticed any issue when > > >>>> working in a user context - I can authenticate, and I can use the > > file > > >>>> server as intended. But evidently, any policies that require access > > to > > >> the > > >>>> file server in a machine context (computer configuration node of the > > >> GPO), > > >>>> fail. I was able to confirm that in multiple tests. > > >>>> > > >>>> I'm at my wit's end as it seems to me that all the necessary share > > >>>> permissions and NTACLs are in place. I even followed the advice I > > could > > >>>> find on some forum pages to add the group "domain computers" to the > > >> share > > >>>> permissions but that didn't help either. > > >>>> > > >>>> Any advice or best practices? I can't imagine this should be so > > >>>> complicated. > > >>>> > > >>>> Viktor > > >>>> > > >>>> -- > > >>>> To unsubscribe from this list go to the following URL and read the > > >>>> instructions: https://lists.samba.org/mailman/options/samba > > >>>> > > >> > > >> -- > > >> To unsubscribe from this list go to the following URL and read the > > >> instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >