policies only work for admin group
Tim Gildersleeve
t.gildersleeve at bilk.ac.uk
Thu Mar 8 08:19:22 GMT 2001
Sorry, but in a way im glad to see that you are having this problem! I
have just given up on samba as a pdc for a small domain because of the
policies not working. I *need* to have working policies to lock down some
student machines and no matter what I do I cant get it working. So as a
last resort, I have had to go back to a WinNT Server PDC for authentication
and leave all the shares on the Samba server. I really hoped to get rid of
NT as server but - oh well, give it time and it will all be good in samba
PDC policy support.
Tim Gildersleeve
> -----Original Message-----
> From: Ben Liesfeld [SMTP:ben.liesfeld at gmx.de]
> Sent: Wednesday, March 07, 2001 12:58 PM
> To: samba-ntdom at us5.samba.org
> Subject: policies only work for admin group
>
> Hello,
>
> I recently moved from TNG 2.6 alpha back again to 2.2.alpha. I still
> got the problem with policies an NTws. Everything works fine but
> policies are only applied to members of the domain admin group
> defined in smb.conf. In the logs I see that normal users access the
> .pol, too, but they don't get the changes.
>
> I'll attach my smb.conf. Hast anybody got policies to work with
> 2.2.alpha?
>
> ----------smb.conf-------------
> ;
> ; /etc/smb.conf
> ;
> ;
> [global]
> status = yes
> message command = winpopup
> ; interfaces = 192.168.0.50
>
> security = user
> domain master = Yes
> domain admin group = @adm
> domain groups = adm, users, referenten, mdstura
> homedir map = /home
> domain logons = Yes
> printing = bsd
> logon path = \\%L\profiles\%U
> server string = File-Server des Studentenrates
> workgroup = Stura
> passwd chat = *password* %n\n *password* %n\n *Password*changed*
> logon script = scripts\%G.bat
> netbios name = zeus
> keep alive = 30
> kernel oplocks = false
> log file = /var/log/samba/log.%m
> log level = 2
>
> printcap name = /etc/printcap
> dns proxy = no
> ; logon home = \\%L\%U
> map to guest = Bad User
> passwd program = /usr/bin/passwd %u
> encrypt passwords = yes
> password level = 2
> unix password sync = yes
> guest account = nobody
> socket options = TCP_NODELAY
> load printers = yes
> username level = 2
> min passwd length = 3
> security = user
> os level = 65
> wins support = yes
>
> default case = yes
> time server = yes
> logon drive = m:
>
> [homes]
> comment = Heimatverzeichnis
> browseable = no
> read only = no
> force create mode = 0700
> force directory mode = 0700
>
> ;... lot's of shares
> [printers]
> comment = All Printers
> browseable = no
> printable = yes
> public = no
> read only = yes
> create mode = 0700
> directory = /tmp
>
> [profiles]
> path = /public/profile
> comment = Profile
> guest ok = yes
> browseable = no
> read only = yes
> write list = @adm, @root, @users
>
> [netlogon]
> path = /public/netlogon/
> browseable = yes
> read only = yes
> write list = @adm, root
> force group = adm
> case sensitive = no
> preserve case = yes
> default case = yes
> locking = no
> guest ok = no
> force directory mode = 0775
> force create mode = 0775
> ; writeable = no
>
>
> [print$]
> path = /public/printers
> guest ok = no
> browseable = yes
> read only = yes
> write list = @adm, root
>
>
>
>
> --
> Ben Liesfeld
> http://www.uni-jena.de/~p9libe/
> http://johnny.rhein.com
>
>
More information about the samba-ntdom
mailing list