[Samba] GPO / Sysvol problems
Gregory Sloop
gregs at sloop.net
Thu Jan 24 18:55:23 UTC 2019
This is the samba conf file (not on the DCs, but on the box where profiles are being stored - which is where our problem is, IMO) - does anything in here need addressing?
[I've slightly sanitized some names.]
I'm trying to gather relevant samba logs from this same box, as well as anything that looks relevant from the Windows station event logs.
But I thought starting here might be worthwhile.
I don't see anything that strikes me as really wrong, but I'm pretty out of my comfort zone here.
--
[global]
# Server-wide settings for a FreeNAS box joined to Active Directory as a
# member server (see "server role" and "security" below). Values are as posted.

# SMB1 is refused: SMB2_02 is the oldest dialect the server will negotiate.
server min protocol = SMB2_02
server max protocol = SMB3
# smbd serves only the listed addresses. 127.0.0.1 appears twice; the second
# entry is redundant.
interfaces = 127.0.0.1 10.8.22.4 127.0.0.1
bind interfaces only = yes
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
# Log rotation threshold; see also "log level" at the end of this section.
max log size = 51200
max open files = 1884710
logging = file
# Printing is switched off entirely.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
# With "Bad User", a logon for a username that does not exist is not rejected
# but mapped to the guest account (nobody). Both shares in this file set
# "guest ok = no", so such sessions should not reach them; whether guest
# sessions are wanted at all on this server is worth confirming.
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
# smbd does not accept NTLMv1 responses.
ntlm auth = no
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
lm announce = yes
unix extensions = no
# When enabled, smbd does not check the execute right in the ACL on
# "open for execution" requests, so a readable file can be executed by a
# client even without execute permission.
acl allow execute always = true
# When enabled, any user with write access to a file may change its
# permissions and ACL, not only the owner. Relevant to how the permissions on
# profile folders can drift - confirm this is intended.
dos filemode = yes
multicast dns register = no
domain logons = no
# Default ID mapping domain; its range does not overlap the AD range below.
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
# Domain member using Kerberos/AD authentication.
server role = member server
workgroup = AD
realm = AD.AB.LOCAL
security = ADS
client use spnego = yes
local master = no
domain master = no
preferred master = no
ads dns update = yes
# User and group information is cached for 7200 seconds, so a group membership
# change made on the DC may take up to two hours to be seen by this server.
winbind cache time = 7200
# winbindd keeps credentials from successful logons in a local cache so that
# logons can be evaluated while the DCs are unreachable.
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = no
winbind refresh tickets = yes
# SIDs of the AD domain are mapped algorithmically from their RIDs.
idmap config AD: backend = rid
idmap config AD: range = 20000-90000000
# Only accounts from the joined domain are accepted, not from trusted domains.
allow trusted domains = no
# "plain" means Samba's LDAP connections to the DCs are neither signed nor
# sealed. DCs that require LDAP signing reject such connections, so this is
# worth checking against the DC policy, both for integrity of the LDAP traffic
# and as a possible cause of lookup failures.
client ldap sasl wrapping = plain
# Domain accounts resolved through winbind are given a real shell. If this box
# also permits interactive or SSH logins for winbind users, that is a wider
# exposure than file sharing needs - TODO confirm.
template shell = /bin/sh
template homedir = /home/%D/%U
netbios name = AB-FREENAS
netbios aliases = AB-FREENAS
# Set in [global], these apply as the default for every share. The masks leave
# the group and other write bits in place on new files and directories, so
# access depends on the ZFS ACLs (presumably the real control here - confirm).
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
# Verbose logging. Logs at this level can contain usernames, client addresses
# and file paths; review and sanitize them before posting to a public list.
log level = 3
[ab-profiles]
# Share that holds the AD user profiles (per the share name and path).
path = "/mnt/abac-zfs-01/ad-profiles"
comment = ab-profiles
printable = no
# Names listed here are neither visible nor accessible through the share,
# including the .zfs snapshot directory.
veto files = /.snapshot/.windows/.mac/.zfs/
# No "valid users" or "invalid users" line appears in this section or in
# [global], so which domain accounts can read or write here is decided by the
# filesystem ACLs alone. For a profile share that presumably means per-user
# ACLs on each profile directory - confirm.
writeable = yes
browseable = yes
access based share enum = no
# zfsacl maps Windows ACLs onto the ZFS NFSv4 ACLs. Unlike [abac-share1], this
# share does not load acl_xattr.
vfs objects = zfs_space zfsacl streams_xattr
hide dot files = no
# Guest sessions are refused on this share.
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
# Lets ownership changes requested over SMB reach the filesystem. Samba's
# NFSv4 ACL module documentation flags this option as one to enable with care;
# check who ends up owning the profile directories.
nfs4:chown = true
# NOTE(review): the meaning of zfsacl:acesort is not visible on this page;
# confirm it against the vfs_zfsacl documentation of this FreeNAS build.
zfsacl:acesort = dontcare
[abac-share1]
# General shared-folder share (per the share name and path).
path = "/mnt/abac-zfs-01/ad-shared-folders"
comment = abac-share1
printable = no
# Names listed here are neither visible nor accessible through the share,
# including the .zfs snapshot directory.
veto files = /.snapshot/.windows/.mac/.zfs/
# No "valid users" or "invalid users" line appears in this section or in
# [global], so access is decided by the filesystem ACLs alone.
writeable = yes
browseable = yes
access based share enum = no
# This share stacks acl_xattr in front of zfsacl, while [ab-profiles] loads
# zfsacl only. Both modules handle NT ACLs (acl_xattr keeps them in an extended
# attribute, zfsacl maps them to ZFS NFSv4 ACLs), so it is worth confirming
# which one ends up authoritative and whether the difference between the two
# shares is intended.
vfs objects = acl_xattr zfs_space zfsacl streams_xattr
hide dot files = no
# Guest sessions are refused on this share.
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
# Lets ownership changes requested over SMB reach the filesystem. Samba's
# NFSv4 ACL module documentation flags this option as one to enable with care.
nfs4:chown = true
# NOTE(review): the meaning of zfsacl:acesort is not visible on this page;
# confirm it against the vfs_zfsacl documentation of this FreeNAS build.
zfsacl:acesort = dontcare