[Samba] Proper sysvol permissions

Rowland Penny rpenny at samba.org
Fri Jun 22 14:45:47 UTC 2018


On Fri, 22 Jun 2018 16:07:39 +0200
Michal via samba <samba at lists.samba.org> wrote:

> Samba 4.8.2 as AD controller, installed from scratch (no upgrade).
> 
> I am getting "access denied" for GPO objects and netlogon or sysvol
> shares both on Win7 and W10 clients.
> 
> [root@ad1 etc]# ll /usr/local/samba.ad/var/locks/
> total 1384
> -rw-------  1 root root 421888 May 17 08:30 account_policy.tdb
> -rw-------  1 root root 528384 May 17 08:30 registry.tdb
> -rw-------  1 root root 421888 May 17 08:29 share_info.tdb
> drwxrwx---+ 6 root  544   4096 Jun  1 16:38 sysvol
> -rw-------  1 root root  32768 Jun 22 15:40 winbindd_cache.tdb
> drwxr-x---  2 root root   4096 Jun 22 15:40 winbindd_privileged
> 
> [root@ad1 etc]# ll /usr/local/samba.ad/var/locks/sysvol/
> total 32
> drwxrwx---+ 3 root 544 4096 May 17 08:21 ad.nemuh.cz
> drwxrwx---+ 4 root 544 4096 Jun  1 16:22 nemuh.cz
> drwxrwx---+ 4 root 544 4096 May 17 08:27 nspuh.cz
> drwxrwx---+ 4 root 544 4096 Jun  1 16:33 uhn.cz

Two questions, why do you have 4 directories under sysvol, when all
that should be there (according to your smb.conf) is 'nemuh.cz' ?
The second question is, where did '544' come from ?

How did you install and provision Samba, did you follow the Samba wiki
or some other web page ?

 
> [global]
>         netbios name = AD1
>         realm = NEMUH.CZ
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, k
>        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, k
>        workgroup = UHN
>        idmap_ldb:use rfc2307 = yes

Why are there two 'server services' lines ?
And why do they both end with a 'k' ?
I also take it you are running Bind9 as the dns server, is this running
on the DC and is it set up correctly ?

Rowland


