policies only work for admin group

Simo Sorce simo.sorce at polimi.it
Thu Mar 8 08:34:14 GMT 2001


I've used policies for many years now and they work without any problem
with Samba PDC (2.0.7); you must have had misconfigurations, as they work.
Have you created the netlogon share on the Samba server? Have you copied
your policies there? Have you enabled policies on the client machine?
(Through User Manager?) Have you run poledit on the client to tell the
machine where to find policies?

On Thu, 8 Mar 2001, Tim Gildersleeve wrote:

> Sorry, but in a way I'm glad to see that you are having this problem! I
> have just given up on samba as a pdc for a small domain because of the
> policies not working. I *need* to have working policies to lock down some
> student machines and no matter what I do I can't get it working. So as a
> last resort, I have had to go back to a WinNT Server PDC for authentication
> and leave all the shares on the Samba server. I really hoped to get rid of
> NT as server but - oh well, give it time and it will all be good in samba
> PDC policy support.
>
> Tim Gildersleeve
>
> > -----Original Message-----
> > From:	Ben Liesfeld [SMTP:ben.liesfeld at gmx.de]
> > Sent:	Wednesday, March 07, 2001 12:58 PM
> > To:	samba-ntdom at us5.samba.org
> > Subject:	policies only work for admin group
> >
> > Hello,
> >
> >   I recently moved from TNG 2.6 alpha back again to 2.2.alpha. I still
> >   got the problem with policies on NTws. Everything works fine but
> >   policies are only applied to members of the domain admin group
> >   defined in smb.conf. In the logs I see that normal users access the
> >   .pol, too, but they don't get the changes.
> >
> >   I'll attach my smb.conf. Has anybody got policies to work with
> >   2.2.alpha?
> >
> > ----------smb.conf-------------
> > ;
> > ; /etc/smb.conf
> > ;
> > ;
> > [global]
> >         status = yes
> >         message command = winpopup
> > ;       interfaces = 192.168.0.50
> >
> >         security = user
> >         domain master = Yes
> >         domain admin group = @adm
> >         domain groups = adm, users, referenten, mdstura
> >         homedir map = /home
> >         domain logons = Yes
> >         printing = bsd
> >         logon path = \\%L\profiles\%U
> >         server string = File-Server des Studentenrates
> >         workgroup = Stura
> >         passwd chat = *password* %n\n *password* %n\n *Password*changed*
> >         logon script = scripts\%G.bat
> >         netbios name = zeus
> >         keep alive = 30
> >         kernel oplocks = false
> >         log file = /var/log/samba/log.%m
> >         log level = 2
> >
> >         printcap name = /etc/printcap
> >         dns proxy = no
> > ;       logon home = \\%L\%U
> >         map to guest = Bad User
> >         passwd program = /usr/bin/passwd %u
> >         encrypt passwords = yes
> >         password level = 2
> >         unix password sync = yes
> >         guest account = nobody
> >         socket options = TCP_NODELAY
> >         load printers = yes
> >         username level = 2
> >         min passwd length = 3
> >         security = user
> >         os level = 65
> >         wins support = yes
> >
> >         default case = yes
> >         time server = yes
> >         logon drive = m:
> >
> > [homes]
> >    comment = Heimatverzeichnis
> >    browseable = no
> >    read only = no
> >    force create mode = 0700
> >    force directory mode = 0700
> >
> > ;... lots of shares
> > [printers]
> >    comment = All Printers
> >    browseable = no
> >    printable = yes
> >    public = no
> >    read only = yes
> >    create mode = 0700
> >    directory = /tmp
> >
> > [profiles]
> >   path = /public/profile
> >   comment = Profile
> >   guest ok = yes
> >   browseable = no
> >   read only = yes
> >   write list = @adm, @root, @users
> >
> > [netlogon]
> >   path = /public/netlogon/
> >   browseable = yes
> >   read only = yes
> >   write list = @adm, root
> >   force group = adm
> >   case sensitive = no
> >   preserve case = yes
> >   default case = yes
> >   locking = no
> >   guest ok = no
> >   force directory mode = 0775
> >   force create mode = 0775
> > ;  writeable = no
> >
> >
> > [print$]
> >   path = /public/printers
> >   guest ok = no
> >   browseable = yes
> >   read only = yes
> >   write list = @adm, root
> >
> >
> >
> >
> > --
> > Ben Liesfeld
> > http://www.uni-jena.de/~p9libe/
> > http://johnny.rhein.com
> >
> >
>
>

-- 
Simo Sorce - Linux Systems Consultant
E-mail: simo.sorce at polimi.it
Tel: +39 0348 7149179 - Fax: +39 02 700442399
-----------------------------------------------------------------
Be happy, use Linux!
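
The server-side questions in the reply above (is there a netlogon share, is a policy file copied there), written as a check that can be run on the Samba host. This is an added example, not part of the original thread or of Samba. It assumes the policy file is named NTConfig.POL (Config.POL for Windows 9x clients), which the thread does not name, and that ordinary domain users map to Unix accounts outside the file's owner and group, so the "other" read bit is what lets them read it.

```python
import os
import stat
import tempfile

def parse_smb_conf(text):
    """Minimal smb.conf reader: {section: {key: value}}, names lower-cased."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def check_netlogon(conf_text, policy_names=("ntconfig.pol", "config.pol")):
    """Return a list of server-side findings; an empty list means all checks passed."""
    shares = parse_smb_conf(conf_text)
    findings = []
    logons = shares.get("global", {}).get("domain logons", "no").lower()
    if logons not in ("yes", "true", "1"):
        findings.append("domain logons is not enabled in [global]")
    netlogon = shares.get("netlogon")
    if netlogon is None:
        return findings + ["no [netlogon] share defined"]
    path = netlogon.get("path", "")
    if not os.path.isdir(path):
        return findings + ["netlogon path %r is not a directory" % path]
    # Policy file names are an assumption (see lead-in); matched case-insensitively.
    found = [f for f in os.listdir(path) if f.lower() in policy_names]
    if not found:
        findings.append("no policy file in %s" % path)
    for name in found:
        mode = os.stat(os.path.join(path, name)).st_mode
        if not mode & stat.S_IROTH:              # assumption: users need "other" read
            findings.append("%s is not readable by non-admin (other) users" % name)
    return findings

if __name__ == "__main__":
    # Constructed demo: a temporary directory stands in for /public/netlogon/.
    with tempfile.TemporaryDirectory() as d:
        pol = os.path.join(d, "NTConfig.POL")
        open(pol, "wb").close()
        os.chmod(pol, 0o640)
        conf = "[global]\n  domain logons = Yes\n[netlogon]\n  path = %s\n" % d
        print(check_netlogon(conf))
```

The client-side questions (enabling policies and pointing the machine at the policy location with poledit) are not covered by this check.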




