[Samba] Default Group Policies and Default Domain Controller Policy are empty
kaffeesurrogat
kaffeesurrogat at posteo.de
Mon Feb 17 13:32:22 UTC 2020
Dear List,
again a problem I'm not able to solve. I've been trying to add a test
user. Since it is a test user I'm going to delete quite soon, I wanted
to use a simple password without any complexity.
Not knowing any better, I wanted to change the default group policy
object of my domain using RSAT. The first thing I noticed was that it was
completely empty. Not a single rule or entry. The same thing holds for my
Default Domain Controller Policy.
Using the "Gruppenrichtlinieneditor" I've added a few rules, like
turning complexity off....
Creating a user with a simple password is still not working.
-----------------------------------------------
I've provisioned my samba ADDC with
    samba-tool domain provision --use-rfc2307 --domain=XXX --targetdir=/smbaddc --interactive
-------------------------------------------
ls /smbaddc/state/sysvol/XXX.YY/Policies returns
three entries with long {...} names.
Judging by the date of creation, those entries were created by me adding the
Complexity Turn Off Policy to the default policies.
------------------------------------------
gpupdate /force on my Windows machine runs without complaints
------------------------------------------
samba-tool ntacl sysvolcheck
does not complain
------------------------------------------
samba-tool gpo aclcheck -UAdministrator
does not complain
------------------------------------------
I did a
samba-tool ntacl sysvolreset
with success.
------------------------------------------
my smb.conf from /smbaddc/etc/smb.conf
# Global parameters
[global]
    binddns dir = /smbaddc/bind-dns
    cache directory = /smbaddc/cache
    dns forwarder = 8.8.8.8
    lock directory = /smbaddc
    netbios name = PLFA1
    private dir = /smbaddc/private
    realm = LFA.LS
    server role = active directory domain controller
    state directory = /smbaddc/state
    workgroup = LFA
    idmap_ldb:use rfc2307 = yes
    bind interfaces only = yes
    interfaces = lo br0
    log file = /var/log/samba/log.%m
    log level = 3

[sysvol]
    path = /smbaddc/state/sysvol
    read only = No

[netlogon]
    path = /smbaddc/state/sysvol/lfa.ls/scripts
    read only = No
which is strange. Why is there a binddns dir? I've used INTERNAL SAMBA DNS.
------------------------------------------------
Long story cut short: shouldn't there be some default domain policies
after provisioning?
Have fun,
blubberbaer