Samba4 MMC Write Support

Andrew Bartlett abartlet at
Tue Jul 3 02:52:20 GMT 2007

On Tue, 2007-07-03 at 12:21 +1000, tridge at wrote:
> Andrew,
>  > [SYSVOL] shouldn't be our private dir, but say /usr/local/samba/sysvol. 
> actually, I wonder if we shouldn't make [sysvol] point by default into
> one of the standard directories (like where we place our long term tdb
> databases). It should remain fairly small, and is really config
> information, not user data.

We shouldn't expose our tdbs that way, but I think the default provision
should include both shares, with the setup you describe below already

>  > Perhaps just check the silly things - do the directories exist, and do
>  > you have access?
> Here is a (very brief) howto:
> 1) you need to create the right directories. Run this command:
>      ldbsearch -H $PREFIX/private/sam.ldb objectClass=groupPolicyContainer gPCFileSysPath
>   That will point you at a UNC path with a GUID in it. You can edit
>   that path using ldbedit, or create a share to match that path. 
>   Within that path you need to create subdirectories called Machine
>   and User. 
> 2) use gpmc.msc and edit your policies, connected as administrator
> 3) use chmod -R to make the files and directories in that share
>    accessible for read by everyone. This shouldn't be necessary, and I
>    have a pending patch to fix this, but for now you'll need to do it
>    by hand.
> 4) login from a client, and see that the policies are obeyed. I
>    sometimes find it takes 2 logins before they apply on a client. I
>    don't know why yet.
> Cheers, Tridge
Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list