Rowland wrote:
> Can I suggest you put your smb.conf back to what it was just after the
> provision and try again. If it does work (and it should), before you
> start adding lines again, can I also suggest you read 'man smb_conf',
> most of the lines you have added are the defaults, others do nothing on
> a DC and some are just plain wrong.
>
> Rowland

Thank you for the answer, but I put the config back to its state just after provision. It did not help. When I provision the domain once again it works (but wipes all ldap db). Any clue?

Grzegorz

On Wed, 24 Aug 2016 08:55:25 +0200
Grzegorz Bieniasz via samba <samba at lists.samba.org> wrote:

> Thank you for the answer, but I put the config back to its state just after
> provision. It did not help. When I provision the domain once again it
> works (but wipes all ldap db). Any clue?
>
> Grzegorz

How did you provision ?

I have had a look again at the smb.conf you posted and I have noticed that a line I expect to see was missing 'idmap_ldb:use rfc2307 = yes'.

Did you provision with '--use-rfc2307 --use-xattrs=yes' ?

Your smb.conf should look like this:

# Global parameters
[global]
    workgroup = EXAMPLE
    realm = CORP.EXAMPLE.COM.PL
    server role = active directory domain controller
    dns forwarder = 192.168.132.10
    idmap_ldb:use rfc2307 = yes

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/corp.example.com.pl/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No

[profiles]
    path = /srv/profiles
    read only = No
    vfs objects = btrfs

[public]
    path = /srv/public
    read only = No

[home]
    path = /srv/home
    read only = No
    vfs objects = btrfs full_audit
    full_audit:priority = notice
    full_audit:facility = local5
    full_audit:prefix = %u|%I|%m|%S
    full_audit:success = connect read write mkdir rename unlink rmdir open pwrite chmod mknod link readlink chown
    full_audit:failure = connect read write mkdir rename unlink rmdir open pwrite chmod mknod link readlink chown

[printers]
    path = /srv/printers
    read only = No
    printable = Yes

[print$]
    comment = Printer Drivers
    path = /srv/printer_driver
    read only = No

[marketing]
    comment = Marketing
    path = /srv/uslugi/marketing
    read only = No
    vfs objects = btrfs full_audit

[other shares]
......

I also noticed another error, you posted:

ldbsearch -H ldap://ad.corp.example.com.pl "cb=Administrator" -k yes

It should be:

ldbsearch -H ldap://ad.corp.example.com.pl "cn=Administrator" -k yes

Rowland