[Samba] roaming profile does not work for "Domain Admins"

L.P.H. van Belle belle at bazuin.nl
Thu Oct 30 09:12:26 MDT 2014 

and what does your windows pc event log tell us? 


>-----Oorspronkelijk bericht-----
>Van: micromegas at mail333.com 
>[mailto:samba-bounces at lists.samba.org] Namens ?icro MEGAS
>Verzonden: donderdag 30 oktober 2014 15:12
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] roaming profile does not work for "Domain Admins"
>
>Hello list,
>
>I am facing an issue which I cannot explain myself. The 
>roaming profiles don't work for users that are members of the 
>group "Domain Admins". The [profiles] share on the member 
>server was configured exactly as explained on the wiki for 
>roaming profiles. It works like a charm for all domain users, 
>*BUT*: if a user is member of the group "Domain Admins" it 
>*doesn't* :-( That means in detail:
>
>I create a new user "test1" and assign the correct profile 
>directory to that user (\\membersrv\profiles\test1). I add 
>this user also to the "MYDOM\Domain Admins" group. On the 
>windows client I login for the first time with "test1" user 
>and I watch the content of the linux filesystem on my member 
>server. As soon as "test1" is logged in on the client, a 
>directory membersrv:/srv/samba/profiles/test1 is created with 
>the appropriate mode and owner+group. Until here everything is 
>fine, but as soon as user "test1" logs off, *NO DATA IS 
>WRITTEN* into its roaming profile directory.
>
>When I remove that user "test1" from the group "Domain 
>Admins", so in result "test1" is not a member of "Domain 
>Admins" anymore, the roaming profile works like a charm as one 
>would expect. When the user logs off, data is written 
>correctly to its roaming profile.
>
>I don't suspect security issues on Windows or POSIX ACLs, 
>because the user "test1" can create directory "something" on 
>\\membersrv\profiles and inside \\membersrv\profiles\something 
>he is allowed to create subdirs or files. I don't think that's 
>the problem. I ensured that by putting "EVERYONE" to sharing 
>and security settings for the [profiles] share, but it didn't 
>help either.
>
>I cannot explain myself where this is related to. I'm stuck 
>here for many hours and have no clue where else to look at. 
>Any help really appreciated.
>
>Mirco
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list