Samba4 MMC Write Support

Andrew Bartlett abartlet at samba.org
Tue Jul 3 02:52:20 GMT 2007


On Tue, 2007-07-03 at 12:21 +1000, tridge at samba.org wrote:
> Andrew,
> 
>  > [SYSVOL] shouldn't be our private dir, but say /usr/local/samba/sysvol. 
> 
> actually, I wonder if we shouldn't make [sysvol] point by default into
> one of the standard directories (like where we place our long term tdb
> databases). It should remain fairly small, and is really config
> information, not user data.

We shouldn't expose our tdbs that way, but I think the default provision
should include both shares, with the setup you describe below already
done. 

>  > Perhaps just check the silly things - do the directories exist, and do
>  > you have access?
> 
> Here is a (very brief) howto:
> 
> 1) you need to create the right directories. Run this command:
> 
>      ldbsearch -H $PREFIX/private/sam.ldb objectClass=groupPolicyContainer gPCFileSysPath
> 
>   That will point you at a UNC path with a GUID in it. You can edit
>   that path using ldbedit, or create a share to match that path. 
> 
>   Within that path you need to create subdirectories called Machine
>   and User. 
> 
> 2) use gpmc.msc and edit your policies, connected as administrator
> 
> 3) use chmod -R to make the files and directories in that share
>    accessible for read by everyone. This shouldn't be necessary, and I
>    have a pending patch to fix this, but for now you'll need to do it
>    by hand.
> 
> 4) login from a client, and see that the policies are obeyed. I
>    sometimes find it takes 2 logins before they apply on a client. I
>    don't know why yet.
> 
> Cheers, Tridge
> 
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070703/f44f5393/attachment.bin


More information about the samba-technical mailing list