moving from NT-Server to Samba

Paul J Collins pjdc at
Tue Jul 18 17:27:33 GMT 2000

>>>>> "Peter" == Peter Samuelson <peter at> writes:

    Peter> I'm betting this is a consequence of profile permissions.
    Peter> You see, user profiles actually store account permissions
    Peter> (of who is allowed to use the profile) *inside* the file,
    Peter> rather than just relying on the file permissions.  Not only
    Peter> that, but they store this info using the user SID, not the
    Peter> username, so when you switch to a different domain (the
    Peter> Samba domain), you get different users.

Er, not quite.  A profile is a tree of files & directories (whose
ownership and permissions are significant); one of these files is
NTUSER.DAT.  That file is a registry hive, and the ACLs on the keys in
it of course refer to the owner's SID.  You can work on Registry ACLs
using REGEDT32; you have to mount the hives on some existing part of
the Registry in order to work on them.

However, your suggestion sounds like a lot less hassle.


Paul Collins <pjdc at> - - - - - - - [ A&P,a&f ]
 GPG: 0A49 49A9 2932 0EE5 89B2  9EE0 3B65 7154 8131 1BCD
 PGP: 88BA 2393 8E3C CECF E43A  44B4 0766 DD71 04E5 962C
"Where?  Where is the town?  Now it's nothing but flowers!"

More information about the samba-ntdom mailing list