Samba4 MMC Write Support

tridge at tridge at
Tue Jul 3 02:21:34 GMT 2007


 > [SYSVOL] shouldn't be our private dir, but say /usr/local/samba/sysvol. 

actually, I wonder if we shouldn't make [sysvol] point by default into
one of the standard directories (like where we place our long term tdb
databases). It should remain fairly small, and is really config
information, not user data.

 > Perhaps just check the silly things - do the directories exist, and do
 > you have access?

Here is a (very brief) howto:

1) you need to create the right directories. Run this command:

     ldbsearch -H $PREFIX/private/sam.ldb objectClass=groupPolicyContainer gPCFileSysPath

  That will point you at a UNC path with a GUID in it. You can edit
  that path using ldbedit, or create a share to match that path. 

  Within that path you need to create subdirectories called Machine
  and User. 

2) use gpmc.msc and edit your policies, connected as administrator

3) use chmod -R to make the files and directories in that share
   accessible for read by everyone. This shouldn't be necessary, and I
   have a pending patch to fix this, but for now you'll need to do it
   by hand.

4) login from a client, and see that the policies are obeyed. I
   sometimes find it takes 2 logins before they apply on a client. I
   don't know why yet.

Cheers, Tridge

More information about the samba-technical mailing list