Domain logon issue with Samba 3.0.20pre2 -> current 3.0.20rc2

Gerald (Jerry) Carter jerry at
Fri Aug 19 23:11:56 GMT 2005

Hash: SHA1

Andrew Bartlett wrote:

> I'm locked out of the network, and I can't get windows 
> update to behave for me.  (I'm assuming I have a proxy
> problem or similar).
> The purpose of this Samba update (which I try not to do often, 
> as we use almost *every* aspect of Samba, so do find
> issues) was because I knew there were announced issues with
> windows security updates and older Samba revisions... :-)

Here's the scoop.  The change is in r6895.  It is a necessary
and correct change.  In the absence of a real ReadOnly dos
attribbute we have to approximate it.  Previously we were marking
a file as read-only based on the file ownership.  Now we
approximate it based on the sum of group permissions.

The fix is to ensure that NTUSER.MAN is not marked with the
DOS reqadonly attribute.  DOn't ask me why Windows cares
when this is a mandatory profile.  So either set 'acl check
permissions = no' or actually store the dos attribute in EA's
and make sure the read only attribute is unset on that one

Crazy afternoon.  3.0.20 is still on its way then.

cheers, jerry
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -


More information about the samba-technical mailing list