[Samba] classicupgrade

Corrado Ravinetto corrado.ravinetto at lanificiocerruti.com
Tue Nov 6 13:34:36 UTC 2018 

great :-)

Il 06/11/2018 14:17, L.P.H. van Belle via samba ha scritto:
> This is one time settings.
> En yes, for each policy you need to klik on these once. ( in the gpo policy objects in GPO editor )
ok
> Can you post smb.conf
[global]
         netbios name = DC1
         realm = LXCERRUTI.COM
         server role = active directory domain controller
         workgroup = LXCERRUTI
         idmap_ldb:use rfc2307 = yes
         log level = 1

[netlogon]
         path = /usr/local/samba/var/locks/sysvol/lxcerruti.com/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No

>
> getfacl PATH_TO_SYSVOL
i'm not sure these are the original, i do many changes ....

# file: usr/local/samba/var/locks/sysvol
# owner: root
# group: root
user::rwx
user:root:rwx
user:3000000:rwx
user:3000003:r-x
group::rwx
group:3000000:rwx
group:3000001:rwx
group:3000003:r-x
mask::rwx
other::rwx
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000003:r-x
default:group::---
default:group:3000000:rwx
default:group:3000001:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::---

>
> getent the_Folder_ONE_below-PATH_TO_SYSVOL
>
> Explorer crashes, if 9 out of 10 x a wrong right on the folder below the point your sharing.
> Per example.
>
> getfacl /home
> getfacl /home/samba
> getfacl /home/samba/share/
> getfacl /home/samba/share/data
>
> Can you post these all also but replace the example path to your setup.
my dc is not a file server, no home or share in this server
only netlogon and sysvol

# file: usr/local/samba/var/locks/sysvol/lxcerruti.com/scripts
# owner: root
# group: root
user::rwx
user:root:rwx
user:3000000:rwx
user:3000001:rwx
user:3000003:r-x
group::rwx
group:3000000:rwx
group:3000001:rwx
group:3000003:r-x
mask::rwx
other::rwx
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000001:rwx
default:user:3000003:r-x
default:group::---
default:group:3000000:rwx
default:group:3000001:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::---


>
>
> Greetz,
>
> Louis
>
>
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Corrado Ravinetto via samba
>> Verzonden: dinsdag 6 november 2018 13:44
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] classicupgrade
>>
>> hello
>> i read this post, but when i check property tab, explorer crash and i
>> cannot changing anything.
>> My question is: for each new policy i must change this default ???
>> Cannot I change create mask on smb.conf for sysvol share ???
>>
>> thanks at all
>>
>> Il 06/11/2018 13:22, L.P.H. van Belle via samba ha scritto:
>>> Hai,
>>>
>>> I suggest, start reading here, it explains all.
>>> https://lists.samba.org/archive/samba/2018-February/213690.html
>>>
>>> The script in that thread is not changing anything by default.
>>>
>>> I suggest try it and post the output.
>>>
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>>>> Rowland Penny via samba
>>>> Verzonden: dinsdag 6 november 2018 12:33
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] classicupgrade
>>>>
>>>> On Tue, 6 Nov 2018 12:13:31 +0100
>>>> Corrado Ravinetto via samba <samba at lists.samba.org> wrote:
>>>>
>>>>> Il 06/11/2018 11:48, Rowland Penny via samba ha scritto:
>>>>>> No, your GPO's will still work.
>>>>> ok
>>>>> but when i created my gpo in sysvol i cannot access to this share
>>>>> because:
>>>>>
>>>>> drwxrwx---+ 4 3000002 3000002 48  6 nov 12.03
>>>>> {CE2EBBA2-28FE-45D7-94EC-CD7357F38D73}
>>>>>
>>>>> Must i, for each new policy, adjiust right e owner  ???
>>>>>
>>>>> mmmmmmmh
>>>> '3000002' is coming from idmap.ldb and because '3000002'
>> isn't a Unix
>>>> user, it isn't mapped to a Unix name, it could in fact be a
>>>> group, yes,
>>>> groups on Windows can own folders & files.
>>>>
>>>> There is a wiki page that might help:
>>>>
>>>> https://wiki.samba.org/index.php/Managing_local_groups_on_doma
>>>> in_members_via_GPO_restricted_groups
>>>>
>>>> Further than that, I cannot help, I do not use GPO's, I
>> don't have any
>>>> Windows clients ;-)
>>>>
>>>> Perhaps Louis might care to chime in here.
>>>>
>>>> Rowland
>>>>
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>> -- 
>>
>> *Corrado Ravinetto *
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>

-- 

*Corrado Ravinetto *

More information about the samba mailing list