[Samba] Windows 10 in Samba 3 domain: netlogon share access denied
MI
mi.lists at alma.ch
Thu Jun 18 01:33:40 MDT 2015
>
> Please, post your smb.cfg and the output of the command "getfacl NetLogonFolder".
Here is the samba config.
$ testparm -s
...
Server role: ROLE_DOMAIN_PDC
[global]
workgroup = FRENETIC
netbios name = JANUS
server string = %h server
interfaces = 127.0.0.0/8, 192.168.44.0/24, 10.44.0.0/24
bind interfaces only = Yes
map to guest = Bad User
passdb backend = ldapsam
log level = 2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 2000
time server = Yes
unix extensions = No
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = logon-%a.bat
logon path = \\%N\%U\profile-%a
logon drive = H:
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = "cn=admin,dc=frenetic,dc=lan"
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=frenetic,dc=lan
ldap ssl = no
ldap user suffix = ou=People
panic action = /usr/share/samba/panic-action %d
create mask = 0775
directory mask = 02775
hide files = /Maildir/desktop.ini/RECYCLER/PUTTY.RND/lost+found/
veto oplock files = /*.doc/*.xls/*.mdb/*.MDB/*.pst/*.PST/
csc policy = disable
wide links = Yes
[netlogon]
comment = Network Logon Service
path = /etc/samba/netlogon
write list = @admins
read only = No
guest ok = Yes
[homes]
comment = Home Directories
read only = No
create mask = 0700
directory mask = 0700
profile acls = Yes
browseable = No
etc. (other shares work OK)
$ /usr/sbin/smbd --version
Version 3.5.6
$ getfacl /etc/samba/netlogon/
-bash: getfacl: command not found
We don't use ACLs on the server. The Unix permissions on the directory are
$ stat /etc/samba/netlogon/
...
Access: (0775/drwxrwxr-x) Uid: ( 0/ root) Gid: ( 1001/ admins)
Everything is fine with Win7 clients. On Win10, all I did before joining the domain
was set the 2 registry keys under ...\LanmanWorkstation\Parameters :
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
And in ...\LanmanWorkstation, "DependOnService" replace "RMRxSmb20" with "RMRxSmb10"
in the list.
More information about the samba
mailing list