[Samba] Profiles XP and Service Pack 1

Andrew Bartlett abartlet at samba.org
Thu Sep 12 23:05:01 GMT 2002

Hans Wurst wrote:
> Hi Trevor, Hi list
> the registry patch did not have an influence - neither did changing the
> shares
> ownership from root to a domain admin. Perhaps sombodey can help me with the
> comment in the Win2kSP2 readme - Why is  "NT ACL support = no" not
> neccessary
> when winbind is used to create users? And again, any further feedback is
> greatly
> appreciated.

The only reason to ever set 'nt acl support = no' is if the SIDs that
Samba returns as owning the files is invalid (to the client).  This
occurs on standalone Samba servers, and Samba servers that are members
of a domain but not running Winbind.  

So, this setting is not necessary on a Winbind-based installation.

The reason we need this setting at all is because Win2k/WinXP make
additional checks on the files.  Furthermore, it appears that WinXP SP1
no longer allows 'no acl support' as a valid option (As win2k SP2 did)
on a profile share - the files *must* be owned by either an
administrator or the user themselves.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list