[Samba] ntconfig.pol not even being loaded

Tim Bates tin at new-life.org.au
Sun Dec 16 23:50:27 GMT 2007

At one site I support, I have just recently put a policy file on their
server to try and make some stuff easier to manage. Only problem is
Windows is not even trying to load it. I watched the traffic in
Wireshark, and there's no request for the ntconfig.pol file at all. And
of course nothing from it is being applied.
I had read that this can happen if someone has set the policy refresh
settings to never refresh (or manually or whatever it is), but I have
checked this and tried with a newly installed Windows machine, and it
still doesn't work.

Is there some special setting I am missing? What is the bare minimum for
ntconfig.pol to apply? What should the netlogon share definition look like?

Global config options that seem relevent are:
   workgroup = CRDC
   domain master = yes
   prefered master = yes
   domain logons = yes
   logon path = \\%L\profiles\%U
   logon script = logon.bat
   dns proxy = no
   name resolve order = lmhosts host wins bcast
   security = user
   guest account = nobody
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
   pam password change = yes
   socket options = TCP_NODELAY

The share definition looks like this:
   comment = Network Logon Service
   path = /samba/netlogon
   guest ok = no
   writable = yes
   browsable = no
   write list = mwheeler, tin, root


More information about the samba mailing list