Am 2017-05-23 um 18:57 schrieb Stefan G. Weichinger via samba:> can't talk to the DC from the PC via RSAT (for example editing GPOs) > > That has worked already before! Restarted DC VM and client PC ... > > Do I have to raise the level of the domain? I am googling around for > this ...domain level show tells me Forest function level: (Windows) 2003 Domain function level: (Windows) 2003 Lowest function level of a DC: (Windows) 2008 R2 So it sounds like I should raise that level?
On Tue, 23 May 2017 19:13:47 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2017-05-23 um 18:57 schrieb Stefan G. Weichinger via samba: > > > can't talk to the DC from the PC via RSAT (for example editing GPOs) > > > > That has worked already before! Restarted DC VM and client PC ... > > > > Do I have to raise the level of the domain? I am googling around for > > this ... > > domain level show tells me > > > Forest function level: (Windows) 2003 > Domain function level: (Windows) 2003 > Lowest function level of a DC: (Windows) 2008 R2 > > So it sounds like I should raise that level? > >You shouldn't need to, lets start with your new DCs smb.conf Rowland
Am 2017-05-23 um 19:38 schrieb Rowland Penny:>> So it sounds like I should raise that level? >> > > You shouldn't need to, lets start with your new DCs smb.confset a VM snapshot and raised it already :-P - Right now I think I screwed up the default policies somehow ntacl sysvolreset works ntacl sysvolcheck ... throws error (hard to paste right now as the test-LAN is completely separate from my work LAN) found a thread pointing at a bug !? Can I reset that somehow manually? I tried to copy over policies from another customer's DC and chgrp-ed ... no success so far. But I can create and edit users via RSAT. So it seems to be related to Policies for now. The smb.conf is quite small ... I used an USB stick now: (from testparm -> ) [global] workgroup = BUERO realm = my.tld server role = active directory domain controller passdb backend = samba_dsdb load printers = No printcap name = /dev/null rpc_server:tcpip = no rpc_daemon:spoolssd = embedded rpc_server:spoolss = embedded rpc_server:winreg = embedded rpc_server:ntsvcs = embedded rpc_server:eventlog = embedded rpc_server:srvsvc = embedded rpc_server:svcctl = embedded rpc_server:default = external winbindd:use external pipes = true idmap_ldb:use rfc2307 = yes idmap config * : backend = tdb map archive = No map readonly = no store dos attributes = Yes vfs objects = dfs_samba4 acl_xattr [netlogon] path = /var/lib/samba/sysvol/my.tld/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No