policies only work for admin group

Tim Gildersleeve t.gildersleeve at bilk.ac.uk
Thu Mar 8 14:26:01 GMT 2001


The client machines are currently using policies from an nt server.  You do
not need to use poledit to tell them where to find the policies, they will
always look in netlogon.  And yes the netlogon share exists - they are
loading login scripts from there.  Poledit is only to create the policies;
you certainly do not need to use it on the client machines.  You do not
have to do so in user manager for domains either.  Nevertheless, the
policies work fine with an NT domain but not with a samba one.  This is
samba-2.0.7 and samba-2.2.0alpha2 (cvs).  Possibly the reason is that they
have worked at some time but no longer do for new networks.  Also I have had
them working for win95 but not winnt.


> -----Original Message-----
> From:	Simo Sorce [SMTP:simo.sorce at polimi.it]
> Sent:	Thursday, March 08, 2001 8:34 AM
> To:	Tim Gildersleeve
> Cc:	'Ben Liesfeld'; samba-ntdom at us5.samba.org
> Subject:	RE: policies only work for admin group
> 
> I've used policies for many years now and they work without any problem
> with samba pdc (2.0.7); you must have had misconfigurations, as they work.
> Have you created the netlogon share on the samba server? Have you copied
> your policies there? Have you enabled policies on the client machine?
> (Through user manager?) Have you run poledit on the client to tell the
> machine where to find policies?
> 
> On Thu, 8 Mar 2001, Tim Gildersleeve wrote:
> 
> > Sorry, but in a way I'm glad to see that you are having this problem!   I
> > have just given up on samba as a pdc for a small domain because of the
> > policies not working.  I *need* to have working policies to lock down some
> > student machines and no matter what I do I can't get it working.   So as a
> > last resort, I have had to go back to a WinNT Server PDC for authentication
> > and leave all the shares on the Samba server.  I really hoped to get rid of
> > NT as server but - oh well, give it time and it will all be good in samba
> > PDC policy support.
> >
> > Tim Gildersleeve
> >
> > > -----Original Message-----
> > > From:	Ben Liesfeld [SMTP:ben.liesfeld at gmx.de]
> > > Sent:	Wednesday, March 07, 2001 12:58 PM
> > > To:	samba-ntdom at us5.samba.org
> > > Subject:	policies only work for admin group
> > >
> > > Hello,
> > >
> > >   I recently moved from TNG 2.6 alpha back again to 2.2.alpha. I still
> > >   got the problem with policies on NTws. Everything works fine but
> > >   policies are only applied to members of the domain admin group
> > >   defined in smb.conf. In the logs I see that normal users access the
> > >   .pol, too, but they don't get the changes.
> > >
> > >   I'll attach my smb.conf. Has anybody got policies to work with
> > >   2.2.alpha?
> > >
> > > ----------smb.conf-------------
> > > ;
> > > ; /etc/smb.conf
> > > ;
> > > ;
> > > [global]
> > >         status = yes
> > >         message command = winpopup
> > > ;       interfaces = 192.168.0.50
> > >
> > >         security = user
> > >         domain master = Yes
> > >         domain admin group = @adm
> > >         domain groups = adm, users, referenten, mdstura
> > >         homedir map = /home
> > >         domain logons = Yes
> > >         printing = bsd
> > >         logon path = \\%L\profiles\%U
> > >         server string = File-Server des Studentenrates
> > >         workgroup = Stura
> > >         passwd chat = *password* %n\n *password* %n\n *Password*changed*
> > >         logon script = scripts\%G.bat
> > >         netbios name = zeus
> > >         keep alive = 30
> > >         kernel oplocks = false
> > >         log file = /var/log/samba/log.%m
> > >         log level = 2
> > >
> > >         printcap name = /etc/printcap
> > >         dns proxy = no
> > > ;       logon home = \\%L\%U
> > >         map to guest = Bad User
> > >         passwd program = /usr/bin/passwd %u
> > >         encrypt passwords = yes
> > >         password level = 2
> > >         unix password sync = yes
> > >         guest account = nobody
> > >         socket options = TCP_NODELAY
> > >         load printers = yes
> > >         username level = 2
> > >         min passwd length = 3
> > >         security = user
> > >         os level = 65
> > >         wins support = yes
> > >
> > >         default case = yes
> > >         time server = yes
> > >         logon drive = m:
> > >
> > > [homes]
> > >    comment = Heimatverzeichnis
> > >    browseable = no
> > >    read only = no
> > >    force create mode = 0700
> > >    force directory mode = 0700
> > >
> > > ;... lots of shares
> > > [printers]
> > >    comment = All Printers
> > >    browseable = no
> > >    printable = yes
> > >    public = no
> > >    read only = yes
> > >    create mode = 0700
> > >    directory = /tmp
> > >
> > > [profiles]
> > >   path = /public/profile
> > >   comment = Profile
> > >   guest ok = yes
> > >   browseable = no
> > >   read only = yes
> > >   write list = @adm, @root, @users
> > >
> > > [netlogon]
> > >   path = /public/netlogon/
> > >   browseable = yes
> > >   read only = yes
> > >   write list = @adm, root
> > >   force group = adm
> > >   case sensitive = no
> > >   preserve case = yes
> > >   default case = yes
> > >   locking = no
> > >   guest ok = no
> > >   force directory mode = 0775
> > >   force create mode = 0775
> > > ;  writeable = no
> > >
> > >
> > > [print$]
> > >   path = /public/printers
> > >   guest ok = no
> > >   browseable = yes
> > >   read only = yes
> > >   write list = @adm, root
> > >
> > >
> > >
> > >
> > > --
> > > Ben Liesfeld
> > > http://www.uni-jena.de/~p9libe/
> > > http://johnny.rhein.com
> > >
> > >
> >
> >
> 
> -- 
> Simo Sorce - Linux Systems Consultant
> E-mail: simo.sorce at polimi.it
> Tel: +39 0348 7149179 - Fax: +39 02 700442399
> -----------------------------------------------------------------
> Be happy, use Linux!
> 



