[Samba] roaming cache and nt acl support

William Jojo jojowil at hvcc.edu
Wed Mar 13 06:50:14 GMT 2002 

Actually it doesn't - in 2.2.1 there was added support for W2k-SP2
clients. In 2.2.2 there was added support for nt acl support being mapped
"closer" to POSIX style ACLs and making available on a "per share" basis.

All I'm saying is when I turn it off in post 2.2.1 samba code, my local
profile copies on the client get removed by virtue of "DeleteRoamingCache"
and "CachedLogonsCount" registry entries. If I turn it on, it no longer
works properly. This implies that the local NT copy has permissions that
are all messed up from my point of view since I cannot remove the profile
copy even as Administrator.

So whatever is being sent from the Samba server is making it extremely
difficult to remove the locally stored profile copies when the default
setting of "nt acl support = yes" is used.

As I said previously, it's in 2.2.2, 2.2.3a and 2.2.4-pre that this
happens, but not in 2.2.1a when SP2 was first supported.

Is this normal, or am I just losing my mind?

Bill



On Wed, 13 Mar 2002, Michael Joyner wrote:

> This has to do with SP2 applied to W2K.
> 
> You have to have your profile server be a part of the domain vs running 
> in security=server or security=user modes if you want to use nt acls.
> 
> William Jojo wrote:
> 
> > 
> > Howdy!
> > 
> > Got a wierd one here....
> > 
> > on 2.2.1a with "nt acl support = yes" I do not seem to have any
> > problems...
> > 
> > however, when I do 2.2.2, I get issues with deleting roaming cache in
> > Windows 2000/SP2 on logoff...but, when I set "nt acl support =
> > no" everything is way cool.
> > 
> > now on 2.2.3a it does the same thing and on 2.2.4-pre also does the same
> > thing.
> > 
> > The issue with this is it appears that even the Administrator cannot
> > remove locally cached profiles from the PC without jumping through a large
> > series of hoops (by way of permissions). For example
> > rt-click/properties/security/advanced/take ownership/allow
> > inheritable....blah blah blah....
> > 
> > but, like I said set "nt acl support = no" and it's happy as a clam (the
> > previously unremovable will remain, the new profiles are removed as
> > expected)
> > 
> > So I guess my questions are:
> > 
> > 1) Is this normal behaviour for "nt acl support = yes"?
> > 2) Should I be setting it to no?
> > 3) Is it a bug introduced at 2.2.2?
> > 
> > 
> > I can get a dump together if someone would like me to...
> > 
> > 
> > Bill
> > 
> > 
> > 
> > 
> 
> 
>

More information about the samba-technical mailing list