On 07/10/2020 19:58, ???????? ??????? ??????? wrote:
> Centos 8
> samba 4.12.2
> systemd
When I asked 'how are you running Samba', I meant what as :-D
But your smb.conf tells me.

> [global]
>         dns forwarder = 8.8.8.8
>         netbios name = XX-DC04
>         realm = XXXX.XXXX
>         server role = active directory domain controller
>         workgroup = XX
>         idmap_ldb:use rfc2307 = yes
>         allow dns updates = nonsecure and secure
>         nsupdate command = /usr/bin/nsupdate -g
>         log file = /var/log/samba/samba_1802.log
>         ntlm auth = yes

Do you really need NTLMv1?

>         max log size = 50000
>         log level = 1 auth:1
>         vfs objects = acl_xattr

Ah, that will not help, 'acl_xattr' is one of the default vfs objects
and by setting it, you have turned the other one off, I suggest you
remove the line, you will still get 'acl_xattr', but more importantly,
you will turn the other one back on again.

>         map acl inherit = yes
>         store dos attributes = yes
>         dsdb:schema update allowed = true

You should only have the 'dsdb' set when you are adding a schema
extension.

>         tls enabled  = yes
>         tls keyfile  = /usr/local/samba/private/tls/dc04_key.pem
>         tls certfile = /usr/local/samba/private/tls/dc04_crt.pem
>         tls cafile
>         ldap server require strong auth = no

Interesting, you have gone to all the trouble of creating your own
certificates and then told Samba to not bother about it
=-O

> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/xxxx.xxxx/scripts
>         read only = No
>         write ok = Yes
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>         write ok = Yes

'write ok' is a synonym for 'writeable', which is a reverse synonym for
'read only', or to put it another way, 'read only = No' and 'write ok =
Yes' mean the same, so you only need one of them.

Try making the changes I suggest and see what happens.
Rowland
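
The settings questioned in the reply above can be checked mechanically before a DC goes live. The following Python is an added example, not part of the original message or of Samba; the function names `parse` and `audit` are hypothetical and the sample text is constructed from the quoted configuration.

```python
# Added example: flag the smb.conf settings questioned in the reply above.
import re

SAMPLE = """\
[global]
        ntlm auth = yes
        vfs objects = acl_xattr
        dsdb:schema update allowed = true
        ldap server require strong auth = no
[sysvol]
        read only = No
        write ok = Yes
"""  # constructed from the quoted configuration
TRUE = {"yes", "true", "1"}

def parse(text):
    """Return {section: {param: value}}; names lower-cased, spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, val = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = val.strip()
    return conf

def audit(text):
    """Hypothetical helper: list the findings for one smb.conf text."""
    conf = parse(text)
    g = conf.get("global", {})
    findings = []
    if g.get("ntlm auth", "").lower() in TRUE | {"ntlmv1-permitted"}:
        findings.append("global: 'ntlm auth' permits NTLMv1")
    if "vfs objects" in g:
        findings.append("global: 'vfs objects' set explicitly, replacing the defaults")
    if g.get("dsdb:schema update allowed", "").lower() in TRUE:
        findings.append("global: 'dsdb:schema update allowed' left on")
    if g.get("ldap server require strong auth", "").lower() == "no":
        findings.append("global: 'ldap server require strong auth = no'")
    for name, params in conf.items():
        if "read only" in params and {"write ok", "writeable", "writable"} & params.keys():
            findings.append(f"{name}: 'read only' and an inverse synonym both set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```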