[Samba] Re: Profile privelege problem **Solved**

Bill.Light at kp.org Bill.Light at kp.org
Tue Dec 16 17:50:39 GMT 2003


> ...
> I used the latest and greatest SuSE 9.0 Professional...
> I then installed all the latest patches via YaST.  That 
> gives me a kernel of 2.4.21 (-144 in SuSE speak) and 
> Samba 2.2.8a
>
> I had the configuration backed up on another box, so I 
> used that as the base for Samba 2.2.8a.  I have tried 
> chmod, chown of various directories, making profile 
> world readable, writeable, executeable, all to no avail.
> have tried commenting out various lines as suggested by 
> other posts...also to no avail.
> 
> W2K reports it can not find roaming profile, and then 
> also reports it can not find a local profile, and signs 
> the user (any user) on with a "temp" profile.  All drive 
> mappings are available, just no profiles, recent lists, etc...
>
> Samba log is showing:  api_samr_set_userinfo: Unable to 
> unmarshall SAMR_SET_Q_USERINFO
>
> bumping the samba log level, verifies that I am going after 
> the user profile and I am "dying" because of lack of 
> priveleges....yet I can ssh into the box as a user and read 
> or touch or execute anything I want !?

Must be something trivial, but whoever wants to help you will
need your smb.conf to see how you set it up. I can suggest
relevant options how I handle the profiles:

[global]
   ...
   logon path = \\p90.p1.n.d.d\profiles\%U
   domain logons = Yes
   create mask = 0664
   directory mask = 0775
   ...

[profiles]
   path = /local/profiles
   valid users = %U
   read only = No
   inherit permissions = No
   security mask = 0777
   directory security mask = 0777
   browseable = No
   csc policy = disable


My Samba server is a PDC for the domain with wins and all.
It runs SuSE 8.2 (kernel 2.4.20-86) but that shouldn't matter.
The permissions on user profile directories are all "drwx--S--".
All directories belong to individual users, group "users".

If you can't recognize what your problem is, enclose smb.conf
next time.

==============================================================

Thanks Dragan !

It got me looking again...if I deleted the profile, and re-declared it, 
the user works OK.  After declaring a new user, logging off and then back 
on again - it works great ?!  After digging again, I found that in the 
samba/profiles directory are two files, ntuser.dat and ntuser.dat.log that 
must contain some sort of SID for the machine.

I guess the "key" was, the fact that I had an existing installation and 
had copied too much "stuff" from the backups.  So, the remedy ended up 
being just deleting those two "ntuser" files for each user.  They lose 
their precious desktop for W2K, but everthing else is intact.

Thanks again !

- Bill


More information about the samba mailing list