[Samba] sysvol right error and how to correct it.
Rowland penny
rpenny at samba.org
Tue Jan 12 16:56:51 UTC 2021
On 12/01/2021 16:06, karel.de.macil at free.fr wrote:
>
> Hi Rowland,
>
> here is the smb.conf file.
>
> - Can you explain why you want me to demote the Jessie DC and is it
> necessary to update it to bullseye or can I update it to stable with
> the same samba version as in bullseye ?
You need to upgrade Samba, 4.2.x is just too old, but then Jessie is now
EOL and even if it wasn't, the libs etc that a supported version of
Samba needs will be too old, so upgrade everything.
> - Can you please tell me what to do next ?
>
> smb.conf on bullseye (let's call it DCA)
> [global]
> netbios name = XXXXXXX
> realm = DOMAIN.FR
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate, dns
That is the default server services line, so you don't need it.
> workgroup = DOMAIN
> idmap_ldb:use rfc2307 = yes
> dns forwarder = 8.8.8.8
> allow dns updates = nonsecure
> dns update command=/usr/sbin/samba_dnsupdate --use-samba-tool
> restrict anonymous = 2
> printcap name = /dev/null
> load printers = no
> disable spoolss = yes
> printing = bsd
> log level = 6
> #auth_audit:10@/var/log/samba/log.auth_audit
> disable netbios = yes
That is not how you turn off netbios on a DC, you need:
server services = -nbt
> smb ports = 445
> server schannel = yes
> ntlm auth = true
Why do you need ntlm auth?
>
> [netlogon]
> path = /var/lib/samba/sysvol/domain.fr/scripts
> read only = No
> vfs objects = full_audit
Oh dear, by setting 'vfs objects' like that, you have turned off the
defaults 'dfs_samba4 acl_xattr'. If you are going to set 'vfs objects'
on a DC, you need to set them like this:
vfs objects = dfs_samba4 acl_xattr full_audit
Rowland
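
An added example, not part of the original message and not Samba's own code: a small Python lint for the two smb.conf mistakes pointed out in the reply above ('disable netbios = yes' without 'server services = -nbt', and a 'vfs objects' line that drops dfs_samba4 and acl_xattr). The function names and the sample config are constructed for illustration, and the script assumes the file belongs to a DC.

```python
import re

REQUIRED_VFS = ("dfs_samba4", "acl_xattr")  # DC defaults named in the reply above

# Constructed sample, modelled on the smb.conf quoted in the message.
SAMPLE = """\
[global]
    server role = active directory domain controller
    disable netbios = yes
[netlogon]
    vfs objects = full_audit
[sysvol]
    vfs objects = dfs_samba4 acl_xattr full_audit
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lowercased, space-normalised names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # split on '=' only, so 'idmap_ldb:use rfc2307' survives
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def words(value):
    return [w for w in re.split(r"[,\s]+", value) if w]  # list values: commas or whitespace

def lint_dc_conf(text):
    """Return (section, message) findings for the two mistakes discussed above."""
    conf, findings = parse_smb_conf(text), []
    glob = conf.get("global", {})
    if (glob.get("disable netbios", "").lower() in ("yes", "true", "1")
            and "-nbt" not in words(glob.get("server services", ""))):
        findings.append(("global", "use 'server services = -nbt' to turn off netbios"))
    for name, params in conf.items():
        if "vfs objects" in params:  # an explicit line replaces the defaults
            missing = [m for m in REQUIRED_VFS if m not in words(params["vfs objects"])]
            if missing:
                findings.append((name, "vfs objects lacks " + " ".join(missing)))
    return findings

if __name__ == "__main__":
    print(*lint_dc_conf(SAMPLE), sep="\n")
```
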