[Samba] Profiles XP and Service Pack 1
Hans Wurst
WasteBin at gmx.ch
Tue Sep 10 12:48:01 GMT 2002
Hi Trevor,
thanks for your fast response, but I think I was not clear enough: we do not
have
a samba PDC but a Windows 2000 controlled Active Directory Installation,
where
the samba servers act as standalone file-servers. They have successfully
joined
the Win-Domain and use the win servers for password verfification. Users
are
created manually on the linux servers (without a valid shell) and group
memberships are used to allow / deny access to certain shares - independent
from the win domain.
The problem seems to be that the "NT ACL SUPPORT = no" option is not
tolerated
anymore by XP after upgrade to service pack one. We, however, depend on that
option to get the profile shares working (because we do not use winbind to
create
users).
We will try whether the registry patch make a difference, and I will let you
know.
Cheers
HW
> Two things come to mind. Try re-apply the XP sign or seal patch, and
> delete
> the relevant entries in /etc/passwd & shadow, /etc/samba/smbpasswd and
> rejoin the domain. See e-mail from me with subject:
>
> Re:[Samba] Joining domain XP
>
> It explains an easy approach to automate joining the domain.
>
> Chow, Trevor.
>
> ----- Original Message -----
> From: "Hans Wurst" <WasteBin at gmx.ch>
> To: <samba at lists.samba.org>
> Sent: Tuesday, September 10, 2002 1:00 PM
> Subject: [Samba] Profiles XP and Service Pack 1
>
>
> > Hi List,
> >
> > we have a 130+ PC network running windows XP on the clients, with
> win2000
> > and
> > samba servers (SuSE 7.3 distribution rpm for samba 2.2.3 and SuSE 8.0
> > selfcompiled samba 2.2.5).
> > The windows servers just authenticate the users, and provide some
> additional
> >
> > services (Terminal Server and some special software packages). Print-
> and
> > File-
> > services are provided by the samba servers.
> > We use roaming profiles that are stored on the samba servers. Up to now
> we
> > did
> > not have any problems with that - at least after I found out that you
> must
> > disable
> > NT ACL support on the profile shares.
> > Now we installed XP service pack 1 on one client - and the client can
> not
> > access
> > the profile anymore. It complains about not owning the share or not
> being
> > member of the Administrator group (even though we tried with an domain
> admin
> >
> > account).
> >
> > Has anybody an idea whether this problem can be solved with the current
> > samba
> > version (and how)? Or has anybody made the same / different experiences?
> >
> > Thanks for your help
> >
> > HW
> >
> >
> > Here is a part of smb.conf
> >
> > # Samba config file created using SWAT
> > # from XXXXXXXX (XXX.XXX.XX.XXX)
> > # Date: 2002/09/10 12:51:06
> >
> > # Global parameters
> > [global]
> > workgroup = XXX
> > netbios name = XXX
> > server string = Samba XX XX
> > security = DOMAIN
> > encrypt passwords = Yes
> > map to guest = Bad User
> > password server = xxx.xxx.xxx.xxx
> > passwd program =
> > passwd chat =
> > name resolve order = bcast lmhosts host wins
> > socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
> > character set = ISO8859-15
> > os level = 2
> > preferred master = False
> > local master = No
> > domain master = False
> > kernel oplocks = No
> > host msdfs = Yes
> > winbind uid = 10000-20000
> > winbind gid = 20000-30000
> > printer admin = xxxx
> > printing = lprng
> >
> >
> > [profiles]
> > path = /home/profiles
> > read only = No
> > create mask = 0700
> > directory mask = 0700
> > nt acl support = No
> >
> > --
> > GMX - Die Kommunikationsplattform im Internet.
> > http://www.gmx.net
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
>
--
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net
More information about the samba
mailing list