Group Policies

Ryan Booz ryanbooz at alumni.psu.edu
Wed Sep 22 03:01:32 GMT 1999 

I was told that this mailing list might be a good place to get some
answers that another one I'm on couldn't answer.

I am using Samba to serve a small Christian school in PA, and we went
for it mostly because of the cost - how much better than free can you
get!  I've been very pleased with it, as it's my first server setup.
Learned a lot and have gotten a lot of help.  However, with everything
that I've been able to do, one thing I've never been able to get working
is Group Policies in the Config.pol file.

I've just now realized that windows isn't even recognizing the group.
My login batch files are run by Samba by groups, but since that's a
server side thing, the win95/98 machines don't really need that.  AFter
that point, it just doesn't appear that the windows machines are
getting/pulling/seeing (don't know what it's called) the groups that the
username is associated with.  Individual user policies it uses fine,
even computer policies.  Each machine is set up for group policies, and
I've hand checked all of them by looking/changing the registry if
needed.

The it's in the [Netlogon] share, readable by all, but not writable.
Locking is off.  Really, I've tried everything I know of or have read to
get the Windoze machines to "grab" the group polices.  And no, the
groups I'm trying to grab do not have user or computer policies.  So, at
the moment, all of the students are getting the default user policy.

If anyone has suggestions I would love to hear them.  Trust me, after
two months of searching for an answer, I'll try anything!  I'll include
a copy of my smb.conf file below, although I think it's a little old,
but the [global] and [netlogon] have pretty much stayed the same.  I'm
at home and only have a copy from last week, and a few things have been
added since

Thank you!
Ryan Booz
Belleville Mennonite School Tech Coordinator

================== smb.conf ===================

# Samba config file created using SWAT
# from 192.168.0.54 (192.168.0.54)
# Date: 1999/09/11

# Global parameters
[global]
    workgroup = LAB
    netbios name = SERVER
    server string = Samba Server
    security = user
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
%n\n *passwd:*all*authentication*tokens*updated*successfully*
    unix password sync = Yes
    log level = 1
    log file = /var/log/samba/log.%m
    max log size = 50
    name resolve order = wins lmhosts bcast
    socket options = TCP_NODELAY SO_KEEPALIVE
    load printers = no
    domain logons = Yes
    os level = 33
    preferred master = yes
    domain master = yes
    logon home = \\server\%U
    logon path = \\%L\%U\profile
    logon script = %G.bat
    wins support = yes
    wins proxy = yes
    dns proxy = no
    preserve case = yes
    short preserve case = no
    default case = lower
    case sensitive = no
;    hosts allow = 192.168.0. 127.
    comment = samba server
    encrypt passwords = no
    max disk size = 10
    keep alive = 60
    locking = no


[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    admin users = root booz leon
    hide dot files = yes
    create mask = 0775
    directory mask = 0775

[netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    guest ok = yes
    writeable = no
    browseable = No
    locking = No
    share modes = No
    write list = root booz leon

[Profiles]
    path = /pchome/%U/profiles
    writable = yes
    guest ok = Yes
    browseable = no

[admin]
    comment = Root on server
    path = /
    public = no
    valid users = root booz leon
    admin users = root booz leon
    writeable = yes
    printable = no
    browsable = no
    create mask = 0775

[tmp]
    comment = Temporary file space
    path = /pchome/tmp
    read only = No
    guest ok = Yes
    create mask = 0766

[scripts]
    path = /home/samba/netlogon
    username = booz root
    admin users = booz root
    read list = booz root
    write list = booz root
    browsable = no

[adm_temp]
   path = /pchome/adm_temp
   comment = Administration temp directory
   read only = no
   guest ok = no
   browsable = no
   write list = root booz leon

[wp]
    path = /pchome/classes/wp
    force group = wp
    force create mode = 0744
    browseable = No

[comp_app]
   path = /pchome/classes/comp_app
   writable = no
   write list = booz leon root
   browsable = no

[atrt]
   path = /pchome/classes/atrt
   browsable = no
   writable = yes
   guest ok = yes
   force create mode = 0777
   force directory mode = 0777
   oplocks = no

More information about the samba mailing list