On 2017-05-23 at 19:38, Rowland Penny wrote:
>> So it sounds like I should raise that level?
>>
>
> You shouldn't need to, let's start with your new DC's smb.conf

set a VM snapshot and raised it already :-P

-

Right now I think I screwed up the default policies somehow

ntacl sysvolreset works

ntacl sysvolcheck ... throws error (hard to paste right now as the
test-LAN is completely separate from my work LAN)

found a thread pointing at a bug !?

Can I reset that somehow manually?

I tried to copy over policies from another customer's DC and chgrp-ed
... no success so far.

But I can create and edit users via RSAT. So it seems to be related to
Policies for now.

The smb.conf is quite small ... I used a USB stick now:

(from testparm -> )

[global]
	workgroup = BUERO
	realm = my.tld
	server role = active directory domain controller
	passdb backend = samba_dsdb
	load printers = No
	printcap name = /dev/null
	rpc_server:tcpip = no
	rpc_daemon:spoolssd = embedded
	rpc_server:spoolss = embedded
	rpc_server:winreg = embedded
	rpc_server:ntsvcs = embedded
	rpc_server:eventlog = embedded
	rpc_server:srvsvc = embedded
	rpc_server:svcctl = embedded
	rpc_server:default = external
	winbindd:use external pipes = true
	idmap_ldb:use rfc2307 = yes
	idmap config * : backend = tdb
	map archive = No
	map readonly = no
	store dos attributes = Yes
	vfs objects = dfs_samba4 acl_xattr

[netlogon]
	path = /var/lib/samba/sysvol/my.tld/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

On Tue, 23 May 2017 19:47:55 +0200 "Stefan G. Weichinger" <lists at xunil.at> wrote:
> On 2017-05-23 at 19:38, Rowland Penny wrote:
>
> >> So it sounds like I should raise that level?
> >>
> >
> > You shouldn't need to, let's start with your new DC's smb.conf
>
> set a VM snapshot and raised it already :-P
>
> -
>
> Right now I think I screwed up the default policies somehow
>
> ntacl sysvolreset works
>
> ntacl sysvolcheck ... throws error (hard to paste right now as the
> test-LAN is completely separate from my work LAN)
>
> found a thread pointing at a bug !?
>
> Can I reset that somehow manually?

If you are adding GPOs, then yes, by never running sysvolreset.

> The smb.conf is quite small ... I used a USB stick now:
>
> (from testparm -> )

I take it that it was 'testparm -v' and your smb.conf on disc looks
like this:

[global]
	workgroup = BUERO
	realm = my.tld
	server role = active directory domain controller
	load printers = No
	printcap name = /dev/null
	idmap_ldb:use rfc2307 = yes

[netlogon]
	path = /var/lib/samba/sysvol/my.tld/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

In which case, what happened to 'netbios name =' ?

Other than that, there doesn't seem to be anything else wrong.

Rowland

On 2017-05-23 at 20:16, Rowland Penny wrote:
>> Can I reset that somehow manually?
>
> If you are adding GPOs, then yes, by never running sysvolreset.

I only did that after sysvolcheck failed!

And I still get these problems in the GPO-management.

I translate via googling:

"A processing error occurred collecting data using this base domain
controller."

this one ?

https://social.technet.microsoft.com/Forums/windows/en-US/7dde2a7c-416b-4ba4-8861-cfa915c4eba9/a-processing-error-occurred-collecting-data-using-this-base-domain-controller?forum=winserverGP

but that is NTFS related .... I have to browse all that

>> The smb.conf is quite small ... I used a USB stick now:
>>
>> (from testparm -> )
>
> I take it that it was 'testparm -v' and your smb.conf on disc looks
> like this:
>
> [global]
> 	workgroup = BUERO
> 	realm = my.tld
> 	server role = active directory domain controller
> 	load printers = No
> 	printcap name = /dev/null
> 	idmap_ldb:use rfc2307 = yes
>
> [netlogon]
> 	path = /var/lib/samba/sysvol/my.tld/scripts
> 	read only = No
>
> [sysvol]
> 	path = /var/lib/samba/sysvol
> 	read only = No
>
>
> In which case, what happened to 'netbios name =' ?

good question. maybe obsolete as it is the default?

> Other than that, there doesn't seem to be anything else wrong.

Good to hear.