Roaming Profiles, 2.2 and security = user, a small problem

David Schwarz dave at
Wed May 2 12:26:49 GMT 2001

Hi guys,

What I would like to do is know if it is possible to turn off the generation of the support of ACLs
on the NTProfile share / ( Any Share) only?

The background:

Deakin has a custom setup in that we have two enviroments that use applications from out samba server,
One enviroment uses a version of NISGINA, on Win2000.
The other enviroment uses an NT4 Server.
Samba is running on Sun Hardware

We have an in house process that ensures that the encrypted passwords are syncd between the NTserver
and the Samba server.

We use Security=USER

We have roaming profiles being served from the Samba server under 2.0x

Everything works fine.

The Problem:

With the testing of Samba 2.2 we have come across a problem.
Samba 2.2 seems to associate SIDs with the ACLs on every file in the NTProfile.

This means that once the profile is downloaded from the 2.2 samba server, the permissions are
totaly wrong on the desktop machine, and the profile is unreadable.

We know can fix the problem by using Security = Domain, and pointing to a Password server.
This works fine, it just breaks all the NISGINA machines. (~1000 machines)

We guess we can fix it by turning off ACL support when we do the build, although we have not tested this.

Any ideas, or have I missed a realy simple configuration method.


-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba-ntdom mailing list