[Samba] Re: roaming profile

Dragan Krnic dkrnic at lycos.com
Mon Sep 8 10:14:09 GMT 2003 

> I have followed the notes from Using Samba for 
> an XP client. However when I goto  create the 
> profile I get permission denide. However, as 
> you see below, the permissions I'm using 
> on /etc/samba/profiles is 777 so that is a 
> little confusing.
> ...............................
> root at Dwarf:/etc/samba# testparm /etc/samba/smb.conf

That wasn't necessary, Aschley. It would have been
better to just show us your smb.conf, not all the
defaults that smbd would assume. But before a smart
Alec quotes your whole posting all over again, here
is what I think is wrong:

> [global]
> .................
> 	logon script = %U.bat
> 	logon path = \\%L\etc\samba\profiles\%U
> 	logon drive = 
> 	logon home = \\%N\%U
> .................
> [homes]
> 	comment = Home Directories
> 	read only = No
> 	browseable = No
> 
> [netlogon]
> 	comment = Network Logon Service
> 	path = /etc/samba/netlogon
> 	guest ok = Yes
> 	share modes = No
> 
> [profiles]
> 	path = /etc/samba/profiles
> 	read only = No
> 	create mask = 0600
> 	directory mask = 0700
> 	browseable = No
> 	csc policy = disable

The profiles paths in [global] and in [profiles]
are contradictory. The [profiles] path is OK if
your profiles are on your samba server under
/etc/samba/profiles. But the logon path in [global]
should then be "\\%L\profiles\%U" because "profiles"
is the share not "/etc/samba/profiles", which is just
the path to it for samba to know what to export as
share "profiles".

The logon home is also ambiguous, unless your samba
server is itself the NIS server. It would better be
"\\%L\$U". 

> root at Dwarf:/etc/samba# ls -al
> total 68
> drwxr-xr-x  5 0/0  4096 Sep  5 22:57 .
> drwxr-xr-x 42 0/0  4096 Sep  4 14:20 ..
> drwxrwxrwx  2 0/0  4096 Aug  6 09:27 netlogon
> drwx------  2 0/0  4096 Aug  6 09:29 private
> drwxrwxrwx  2 0/0  4096 Sep  5 20:53 profiles
> -rw-r--r--  1 0/0  7201 Sep  5 20:52 smb.conf
> -rw-r--r--  1 0/0  9044 Mar 16 07:52 smb.conf-sample
> -rw-r--r--  1 0/0 23858 Aug 17 15:59 smb.conf.bak
> -rw-r--r--  1 0/0  4096 Sep  5 22:57 typescript

You don't really want 777 perms for netlogn and
profiles, 775 is OK if you don't mind everyone
being able to know what users there are, 771 is 
much better, because it prevents everyone else from 
even finding out what users there are and still 
everyone can get his roaming profiles if you set
proper perms on the individual subdirectories.


____________________________________________________________
Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005

More information about the samba mailing list