[Samba] Samba as AD-Controller: unable to update policies and call start scripts

Luca Bertoncello lucabert at lucabert.de
Fri Apr 8 07:33:57 UTC 2016

Quoting "L.P.H. van Belle" <belle at bazuin.nl>:

> This is correct
>>> that gpupdate tries to copy somethings from \\cch.intra\sysvol and  
>>> not from \\dc1\sysvol...
>>> There is no server with name cch.intra, this is just the Realm...
> No not REALM, but DNSdomain but with the same name as the REALM.

OK, I'm not an expert in Samba as AD...

> You “should” be able to “ping cch.intra” or browse to \\cch.intra  

ping yes, browse not. Or better, I can see the shares, but not access them!

> if not, then you're missing dns records.

I'm not sure I understood your sentence, sorry...

> If you have only windows users accessing sysvol
> Change your sysvol to
>> [sysvol]
>>           path = /usr/local/samba/var/locks/sysvol
>>           read only = No
>>          acl_xattr:ignore system acls = yes
> Which helps, because you can set better windows ACLs.

It doesn't...

From Windows I tried:

   dir \\dc1\sysvol

and I got data, but

   dir \\cch.intra\sysvol


Anmeldung fehlgeschlagen: unbekannter Benutzername oder falsches Kennwort.

PCs are in German...
Translated, the error is: unable to log in, unknown username or wrong password.

> But most important, it helps if you post your smb.conf here.

# Global parameters
         workgroup = CCH
         server string = Domain controller
         realm = CCH.INTRA
         netbios name = DC1
         server role = active directory domain controller
         dns forwarder =
         server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
         dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
         idmap_ldb:use rfc2307 = yes

# So that users can also log in on Linux
         template shell = /bin/bash
# Homedir in /home
         template homedir = /home/%ACCOUNTNAME%

domain logons = yes
logon script = logon.cmd

         path = /var/lib/samba/sysvol/cch.intra/scripts
         read only = No

         path = /var/lib/samba/sysvol
         read only = No
         acl_xattr:ignore system acls = yes

> And before deleting your domain, if you do the same, you end up with  
> the same problem.
> The “old PC” i guess windows 7?
> The New PC, i guess windows 10?

All PCs use Windows 7.

> Static ip or DHCP ip?

All PCs with DHCP.

Luca Bertoncello
(lucabert at lucabert.de)
