[Samba] GPO Editor says "Access denied" for Group Policy Objects
Rowland Penny
rpenny at samba.org
Thu Apr 25 17:02:22 UTC 2024
On Thu, 25 Apr 2024 17:27:36 +0100
Luis Peromarta via samba <samba at lists.samba.org> wrote:
> I don’t think you need winbind on a DC as user mapping is done by its
> own databases.
A DC still uses winbind, but it can only use idmap.ldb, whereas a Unix
domain member can use several different idmap backends.
> I think you have mixed up member server configs into
> DC configs.
>
> A smb.conf like this should be enough:
>
> [global]
> dns forwarder = 1.1.1.1
> netbios name = AAA
> realm = XXXT
> server role = active directory domain controller
> workgroup = MAD
> idmap_ldb:use rfc2307 = yes
>
> #Allow this for free radius to work
> ntlm auth = mschapv2-and-ntlmv2-only
>
> # Disable Netbios
> disable netbios = yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [netlogon]
> path = /var/lib/samba/sysvol/XXXTscripts
> read only = No
>
>
> See this for details.
>
> http://samba.bigbird.es/doku.php?id=samba:idmap-backends
>
>
That smb.conf will work, but I do not think that is the OP's problem.
Rowland
More information about the samba
mailing list