Sysvol not accessible to users


#1

I always thought that dcservername should be accessible to everyone on the domain. However when I browse to dcservername or dcservername.fqdn it asks me for a password and only allows with admin domain level account.

GPO’s apparently work for users, so I wonder whether I need to fix anything or not? I will also introduce some netlogon scripts which i understand (as per this post) would need to put in sysvol somewhere too.

Please let me know if I need to fix it and how. Thank you.


#2

I got confirmed, users on Microsoft AD (not our domain) can have access to sysvol. No access to sysvol for normal users on my domain. Please confirm this needs fixing and if you know how?


#3

Each and every domain user in a UCS domain should be able to log into each and every Samba server and list the shares available. I’ve just verified this to be the case in both my production and my test environments.

First you should verify that logging in from Linux works. ssh into your DC master and run:

smbclient -U '<yourdomain><normal-user>' -L $(hostname)

Replace with values appropriate for your situation. For my test environment I used the following:

smbclient -U 'mbu-testmbunkus' -L $(hostname)

If that doesn’t work, then you sould increate the debug log level on the Samba daemon on the same server and try logging in again:

smbcontrol smbd debug 3 smbclient -U '<yourdomain><normal-user>' -L $(hostname)

Then analyze the content of /var/log/samba/smbd.log. Post it here if you cannot make heads or tails of it.

Kind regards,
mosu