I have all the settings on the MS side of things as well as the considered settings for disabling of offline cacheing on the profiles share, but I am still getting messages from event viewer that they're not disabled. This has already corrupted a few profiles of XP machine on my networks and I would like it to be configured appropriatly. Hopefully this is just something easy that I have missed. Here is my testparm -v report. # Global parameters [global] server role = domain controller sid generator = internal dos charset = CP850 unix charset = UTF8 ncalrpc dir = /usr/local/samba/var/ncalrpc display charset = workgroup = CASINC realm = CAS-ONLINE.COM netbios name = THESUN netbios aliases = netbios scope = server string = Samba 4.0.0alpha12-GIT-2caa2a0 interfaces = bind interfaces only = No ntptr providor = simple_ldb dcerpc endpoint servers = epmapper, srvsvc, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, winreg, dssetup, unixinfo, browser server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate security = USER encrypt passwords = Yes null passwords = No obey pam restrictions = No password server = * sam database = sam.ldb idmap database = idmap.ldb secrets database = secrets.ldb spoolss database = spoolss.ldb wins config database = wins_config.ldb wins database = wins.ldb private dir = /usr/local/samba/private passwd chat = *new*password* %n\n *new*password* %n\n *changed* password level = 0 lanman auth = No ntlm auth = Yes client NTLMv2 auth = No client lanman auth = No client plaintext auth = No client use spnego principal = No log level = 0 log file = smb ports = 445, 139 nbt port = 137 dgram port = 138 cldap port = 389 krb5 port = 88 kpasswd port = 464 web port = 901 tls enabled = Yes tls keyfile = tls/key.pem tls certfile = tls/cert.pem tls cafile = tls/ca.pem tls crlfile = tls dh params file = swat directory = /usr/local/samba/share/swat large readwrite = Yes server max protocol = NT1 server min protocol = CORE client max protocol = NT1 client min protocol = CORE unicode = Yes read raw = Yes write raw = Yes disable netbios = No nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 12288 name resolve order = wins, host, bcast max wins ttl = 518400 min wins ttl = 10 time server = No unix extensions = No use spnego = Yes server signing = auto client signing = Yes rpc big endian = No paranoid server security = Yes socket options = TCP_NODELAY preferred master = Auto local master = Yes wins server = wins support = No dns proxy = Yes wins hook = share backend = classic preload = lock dir = /usr/local/samba/var/locks modules dir = /usr/local/samba/modules pid directory = /usr/local/samba/var/run setup directory = /usr/local/samba/share/setup socket address = 0.0.0.0 panic action = host msdfs = No winbind separator = \ winbindd socket directory = /usr/local/samba/var/run/winbindd winbindd privileged socket directory = /usr/local/samba/var/lib/winbindd_privileged winbind sealed pipes = Yes template shell = /bin/false template homedir = /home/%WORKGROUP%/%ACCOUNTNAME% idmap trusted only = No ntp signd socket directory = /usr/local/samba/var/run/ntp_signd rndc command = /usr/sbin/rndc dns update command = /usr/local/samba/sbin/samba_dnsupdate nsupdate command = /usr/bin/nsupdate -g prefork children:smb = 4 registry:hkey_users = hku.ldb registry:hkey_local_machine = hklm.ldb auth methods:standalone = anonymous sam_ignoredomain auth methods:member server = anonymous sam winbind auth methods:domain controller = anonymous sam_ignoredomain comment = path = ntvfs handler = unixuid, default read only = Yes create mask = 0744 force create mode = 00 directory mask = 0755 force directory mode = 00 hosts allow = hosts deny = max connections = -1 strict sync = No case insensitive filesystem = No max print jobs = 1000 printable = No printer name = map system = No map hidden = No map archive = Yes browseable = Yes csc policy = manual strict locking = Yes oplocks = Yes copy = include = available = Yes volume = fstype = NTFS msdfs root = No [netlogon] path = /usr/local/samba/var/locks/sysvol/cas-online.com/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [profiles] path = /var/samba/profiles read only = No browseable = No csc policy = disable [intranet] path = /var/www read only = No create mask = 0775 directory mask = 0775 browseable = No [shares] path = /var/samba/shares/test read only = No create mask = 0665 [docs] path = /var/samba/docs read only = No create mask = 0655 [IPC$] comment = IPC Service (Samba 4.0.0alpha12-GIT-2caa2a0) path = /tmp ntvfs handler = default browseable = No fstype = IPC [ADMIN$] comment = DISK Service (Samba 4.0.0alpha12-GIT-2caa2a0) path = /tmp browseable = No fstype = DISK
Whenever I look on the web for a solution I get all sorts of different possiblities to fix this and most of them refer to MS servers. I have to think I have tried most of what I have read, but I really want to here it from the developers on how to do this correctly so that ALL of my profiles don't end up getting corrupted and screwing up my whole domain.
This is about Samba4 as a file server? If it was Samba3, I would have recommended to try "csc policy = disable". I'm not sure if this also works in Samba4. Volker
If you look at my testparm you'll see I have "csc policy = disable" in there. (In reply to comment #2) > This is about Samba4 as a file server? If it was Samba3, I would have > recommended to try "csc policy = disable". I'm not sure if this also works in > Samba4. > > Volker >
Apologies. I had only seen the "manual" in [global]. Then I'm lost.
Well, I don't think that the bug is really critical. Robert, have you managed to find a solution?
no response, also there had been some csc policy fixes since this was reported, this is probably not an issue any more.