On Tue, 6 Nov 2018 11:16:07 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> > > Il 05/11/2018 14:01, Rowland Penny via samba ha scritto: > > This is what I thought, so remove the libnss_winbind links from the > > DC, these are only required if you want to use your DC as a > > fileserver. > ok, but my gpo where are stored ?? > If i cannot access to my dc, i cannot import gpo on client : is > correct ???No, your GPO's will still work. Rowland
Il 06/11/2018 11:48, Rowland Penny via samba ha scritto:> No, your GPO's will still work.ok but when i created my gpo in sysvol i cannot access to this share because: drwxrwx---+ 4 3000002 3000002 48 6 nov 12.03 {CE2EBBA2-28FE-45D7-94EC-CD7357F38D73} Must i, for each new policy, adjiust right e owner ??? mmmmmmmh -- *Corrado Ravinetto *
On Tue, 6 Nov 2018 12:13:31 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> > > Il 06/11/2018 11:48, Rowland Penny via samba ha scritto: > > No, your GPO's will still work. > > ok > but when i created my gpo in sysvol i cannot access to this share > because: > > drwxrwx---+ 4 3000002 3000002 48 6 nov 12.03 > {CE2EBBA2-28FE-45D7-94EC-CD7357F38D73} > > Must i, for each new policy, adjiust right e owner ??? > > mmmmmmmh'3000002' is coming from idmap.ldb and because '3000002' isn't a Unix user, it isn't mapped to a Unix name, it could in fact be a group, yes, groups on Windows can own folders & files. There is a wiki page that might help: https://wiki.samba.org/index.php/Managing_local_groups_on_domain_members_via_GPO_restricted_groups Further than that, I cannot help, I do not use GPO's, I don't have any Windows clients ;-) Perhaps Louis might care to chime in here. Rowland
Hai, I suggest, start reading here, it explains all. https://lists.samba.org/archive/samba/2018-February/213690.html The script in that thread is not changing anything by default. I suggest try it and post the output. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: dinsdag 6 november 2018 12:33 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] classicupgrade > > On Tue, 6 Nov 2018 12:13:31 +0100 > Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > > > > > > > Il 06/11/2018 11:48, Rowland Penny via samba ha scritto: > > > No, your GPO's will still work. > > > > ok > > but when i created my gpo in sysvol i cannot access to this share > > because: > > > > drwxrwx---+ 4 3000002 3000002 48 6 nov 12.03 > > {CE2EBBA2-28FE-45D7-94EC-CD7357F38D73} > > > > Must i, for each new policy, adjiust right e owner ??? > > > > mmmmmmmh > > '3000002' is coming from idmap.ldb and because '3000002' isn't a Unix > user, it isn't mapped to a Unix name, it could in fact be a > group, yes, > groups on Windows can own folders & files. > > There is a wiki page that might help: > > https://wiki.samba.org/index.php/Managing_local_groups_on_doma > in_members_via_GPO_restricted_groups > > Further than that, I cannot help, I do not use GPO's, I don't have any > Windows clients ;-) > > Perhaps Louis might care to chime in here. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >