System Policy Problems
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Tue Feb 2 18:52:29 GMT 1999
On Tue, 2 Feb 1999, Jamie ffolliott wrote:
> > here are the relevant parts of the smb.conf
> > [netlogon]
> > comment = TAG DC Automatic Software Downloads
> > preexec = exec /usr/local/samba/bin/smblogin.sh '%L' '%m' '%U'
> > '%G' '%a' '%T'
> > path = /usr/local/samba/smb_logins
> > writable = no
> > guest ok = yes
> > create mask = 0775
> > browseable = yes
> You'll need: "locking = no" for policies to work. It's in the ntdom faq ;)
> We also have "writable = yes" on our system so we can edit the logon script
> and default user profile from a desktop, but that shouldn't be necessary.
this is a security risk, you can have ordinary users creating scripts for
other users (including, say administrator). bad idea. if you must do
this, have "write users = xxxx" where xxxx is an admin.
More information about the samba-ntdom