The option 'host msdfs' is not set active, which prevents Windows machines Vista and Windows 7 from applying GPOs. However, Samba4 reports 'host msdfs = Yes' which isn't true. $ testparm -v | grep "host msdfs" shows the implicit setting After setting 'host msdfs = true' in smb.conf, GPOs apply as expected. See also: http://lists.samba.org/archive/samba-technical/2011-December/080839.html
Indeed, why is this not on by default (at least on the DC)? Why should it ever be off on the DC?
A fix for this is in autobuild. We will now match Samba3 and have this feature on by default.
(In reply to comment #2) > A fix for this is in autobuild. We will now match Samba3 and have this feature > on by default. Does this mean, testparm will be fixed to show the real value instead of just reporting 'Yes'? I will check the new version soon, thanks.
currently testparm reads samba3 parameters, while samba-tool testparm reads samba4 parameters. There is an ongoing but incomplete task to merge these two loadparm systems.