[Samba] Profiles XP and Service Pack 1

Hans Wurst WasteBin at gmx.ch
Fri Sep 13 07:02:01 GMT 2002 

Hi Andrew, Hi list 
 
thank you very much for your comment, after changing the ownership of the 
profile files on the server to an domain admin everything works fine again.
So, the 
quick solution is working smoothly.  
 
It leaves the following questions: 
Either we give every user his/her own private group and set the file
ownership for 
the profile to  admin.privategroup, or everybody can modify other people's 
profiles. Or we change the setup to winbind, which possibly results in the
same 
user having different userids on different samba servers - not a solution
for us, 
because we mirror all servers to a backup server and expect the userids to
be 
consistent. 
Is there a solution for this (i.e. a fancy way to ensure consistent unix
uids on 
different serves even when running winbind)? What happens if /etc/passwd 
/etc/shadow /etc/group are copied from a server running  winbind to other
samba 
servers (not running winbind)? 
Maybe the private unix groups is the way to go for the moment.   
Again, thanks a lot 
 
HW 
 
 
>Hans Wurst wrote: 
>> 
>> Hi Trevor, Hi list 
>> 
>> the registry patch did not have an influence - neither did changing 
>> the shares ownership from root to a domain admin. Perhaps sombodey can 
>> help me with the 
>> 
>> comment in the Win2kSP2 readme - Why is  "NT ACL support = no" not 
>> neccessary when winbind is used to create users? And again, any 
>> further feedback is greatly 
>> appreciated. 
> 
>The only reason to ever set 'nt acl support = no' is if the SIDs that Samba

>returns as owning the files is invalid (to the client).  This occurs on
standalone 
>Samba servers, and Samba servers that are members of a domain but not 
>running Winbind. 
> 
>So, this setting is not necessary on a Winbind-based installation. 
> 
>The reason we need this setting at all is because Win2k/WinXP make
additional 
>checks on the files.  Furthermore, it appears that WinXP SP1 no longer
allows 'no 
>acl support' as a valid option (As win2k SP2 did) on a profile share - the
files 
>*must* be owned by either an administrator or the user themselves. 
> 
>Andrew Bartlett 
 

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net

More information about the samba mailing list