Working on LDAP support in HEAD

Gerald Carter gcarter at
Fri May 12 20:55:29 GMT 2000

Inge-Håvard Hunstad wrote:
> It seems that in my setup, with mandatory profiles and a 
> reg hack to delete local profiles, the rid is of no importance. 

This must be related to mandatory profiles then.  Here is 
the behavior that I have just noticed.

* If the NT client is unable to read the domain user's profile,
  then the default profile is used, which the permissions are

 	Everyone 	Read
	Administrators	Full
	System		Full

Here's how I verified this.

* Take user1's profile and check the permissions

	DOMAIN\user1	Full
	Administrators	Full
	System		Full

* Now copy that to another user2's profile.  Permissions 
  remain the same.

* User2 was unable to use the profile until I added 

	DOMAIN\user2	Full

to the permissions list.  Note that the unavailable profile
hive was loaded, though it was just inaccessible.

Seems like we always go through these discussions about 
Windows NT user profiles.  :-)

Anybody want to comment on this?

[background : discussion on RID allocation in LDAP
backend and migration from an existing NT domain
(samba controlled or otherwise)]

   /\  Gerald (Jerry) Carter                     Professional Services
 \/    VA Linux Systems  gcarter at      SAMBA Team            jerry at

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-technical mailing list