samba - Oct 2024 - sysvol share: access to the security tab

There was a long conversation about this some months ago with @Rowland, I take
it there is.

If all happy with that, I can edit the wiki no problem, in fairness this
particular article:

https://wiki.samba.org/index.php/Sysvolreset

Seems quite complex (and outdated) to me.

On Oct 21, 2024 at 18:11 +0200, Billy Bob <billysbobs at yahoo.com>,
wrote:
>
> Luis,
>
> If there is consensus?on this, perhaps you could propose an edit to the
Wiki explaining it there.

On Mon, 21 Oct 2024 18:26:30 +0200
Luis Peromarta via samba <samba at lists.samba.org> wrote:
> There was a long conversation about this some months ago with
> @Rowland, I take it there is.
> 
> If all happy with that, I can edit the wiki no problem, in fairness
> this particular article:
> 
> https://wiki.samba.org/index.php/Sysvolreset
> 
> Seems quite complex (and outdated) to me.
There was a time that running sysvolreset would break things, not fix
them, but that was quite a few years ago, that wikipage was from that
time and is no longer relevant.

When that wikipage was written (by the much missed Louis Van Belle), it
was thought the best way of running samba was to use RFC2307
attributes. I personally do not think this anymore, all it actually
gives you is the ability to use individual Unix home directories and
logon shells, with the downside that you have to add the rfc2307
attributes manually. There is also the problem of Domain Admins, if you
use RFC2307 attributes, you must either not give the group a gidNumber
attribute or not set 'idmap_ldb:use rfc2307  = yes' in the DC(s)
smb.conf (as pointed out by Luis Peromarta).

Rowland