Working on LDAP support in HEAD
Gerald Carter
gcarter at valinux.com
Fri May 12 20:55:29 GMT 2000
Inge-Håvard Hunstad wrote:
>
> It seems that in my setup, with mandatory profiles and a
> reg hack to delete local profiles, the rid is of no importance.
This must be related to mandatory profiles then. Here is
the behavior that I have just noticed.
* If the NT client is unable to read the domain user's profile,
then the default profile is used, which the permissions are
Everyone Read
Administrators Full
System Full
Here's how I verified this.
* Take user1's profile and check the permissions
DOMAIN\user1 Full
Administrators Full
System Full
* Now copy that to another user2's profile. Permissions
remain the same.
* User2 was unable to use the profile until I added
DOMAIN\user2 Full
to the permissions list. Note that the unavailable profile
hive was loaded, though it was just inaccessible.
Seems like we always go through these discussions about
Windows NT user profiles. :-)
Anybody want to comment on this?
[background : discussion on RID allocation in LDAP
backend and migration from an existing NT domain
(samba controlled or otherwise)]
Cheers,
jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter at valinux.com
http://www.samba.org SAMBA Team jerry at samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-technical
mailing list