[Samba] SAMBA PDC User Permissions, Admin Settings, and Logon?

Jason Norred jnorred at norredtech.com
Wed Feb 26 04:24:56 GMT 2003


I'm having a similar problem on my 2.2.7 PDC. If my users are not
listed in the domain admin group, then they have very restricted access
to the windows registry when they log in. Most of their programs will not
work at all. I'm not sure at this point what the solution is. I want to
see if there is a way to do something like add their DOMAIN user account
to the LOCAL machine's POWER USER group. I'm going to give it a shot in
the morning. 

Do you have your /home issue fixed yet? I would be happy to help you
with that if you are still having problems.

If anyone has any ideas or suggestions about my registry permissions,
let me know...

Thanks,
Jason N.




On Tue, 2003-02-25 at 05:51, richard wrote:

> Hi, Don't know if this is relevant but I read somewhere that including
> below in [global] makes Samba do strange things? I believe this is a
> "share" parameter? If this helps please post your results.
> 
> profile acls = Yes
> 
> Richard.
> 
> On Tue, 2003-02-25 at 04:48, Nolan Garrett wrote:
> > Hi all! First off, I'd like to thank you for the help you've previously 
> > given me. I'd like to state a few of the problems I am now experiencing, 
> > and you all can provide insight. I've read all the documentation I can find 
> > and have surfed the archives for this newsgroup, but to no avail. Any help 
> > would be greatly appreciated!
> > 
> > (I am using SAMBA 2.2.7)
> > 
> > Issue 1: If I don't have every user listed in the admin users = section that 
> > I want to allow logon access, they cannot log on. I usually get a domain 
> > unavailable error.
> > 
> > Issue 2: If I don't set up each user account (w/ domain) on the WinXP 
> > machine I want to logon to, I get some kind of very, very limited logon. It 
> > almost seems to be corrupted.
> > 
> > Issue 3: This is my main frustration - I cannot seem to block access to 
> > other people's shares! EG user chrisg can access the nolan share, etc.
> > 
> > Final Issue: Not a big problem, but I can't figure out how to set up the 
> > CUPS drivers for the pdf-generator.
> > 
> > Is it a winbind problem, bad config, or am I just a moron?
> > 
> > Attached is my smb.conf
> > 
> > # Samba config file created using SWAT
> > # from gridlock.workgroup.net (192.168.0.5)
> > # Date: 2003/02/24 18:08:30
> > 
> > # Global parameters
> > [global]
> >         netbios name = MAIN
> >         server string = Samba Server %v
> >         encrypt passwords = Yes
> >         passwd program = /usr/bin/passwd %u
> >         passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: *all*authentication*tokens*updated*succesfully*
> >         unix password sync = Yes
> >         log level = 1
> >         log file = /var/log/samba/log.%m
> >         max log size = 50
> >         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
> >         printcap name = cups
> >         domain admin group = @admins
> >         add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
> >         logon script = %U.bat
> >         logon path = \\main\profiles\%U
> >         logon drive = Z:
> >         logon home = \\main\%U\.profile
> >         domain logons = Yes
> >         os level = 99
> >         domain master = Yes
> >         dns proxy = No
> >         wins support = Yes
> >         winbind uid = 10000-20000
> >         winbind gid = 10000-20000
> > ;       valid users = ahayes root danielleg chrisg rickg nolan
> >         admin users = root nolan chrisg rickg danielleg alyssag
> >         printer admin = nolan root
> >         hosts allow = 192.168.0. 127.
> > ;       profile acls = Yes
> >         printing = cups
> > 
> > [homes]
> >         comment = Home Directory for %u
> >         read only = No
> >         create mask = 0660
> >         directory mask = 0770
> >         browseable = No
> >         oplocks = No
> >         level2 oplocks = No
> > 
> > [netlogon]
> >         comment = Network Logon Service
> >         path = /var/lib/samba/netlogon
> >         write list = root nolan
> > 
> > [profiles]
> >         path = /var/lib/samba/profiles
> >         read only = No
> >         create mask = 0600
> >         directory mask = 0700
> >         guest ok = Yes
> >         browseable = No
> >         csc policy = disable
> > 
> > [printers]
> >         comment = All Printers
> >         path = /var/spool/samba
> >         printer admin = root nolan
> >         guest ok = Yes
> >         printable = Yes
> >         browseable = No
> > 
> > [print$]
> >         comment = Printer Drivers
> >         path = /etc/samba/drivers
> >         write list = root nolan
> > 
> > [pdf-generator]
> >         comment = PDF Generator (only valid users!)
> >         path = /var/tmp
> >         printable = Yes
> >         print command = /usr/share/samba/scripts/print-pdf %s ~%u \\\\\\\\%L\\\\%u %m &
> > 
> > [public]
> >         comment = Public
> >         path = /home/samba/public
> >         read only = No
> >         guest ok = Yes
> > 

-- 
Jason Norred <jnorred at norredtech.com>
Norred Technical Services
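
Added example (not part of the original thread, and not code from the Samba project): a small Python audit of the access-control settings in the quoted smb.conf that bear on Issue 3. It flags `admin users` in `[global]` (per the smb.conf documentation, listed users perform all file operations as root), a `[homes]` section with no `valid users` restriction, and shares that are writable with `guest ok`. The sample configuration is a constructed excerpt of the posted file, and the function names are this example's own.

```python
# Constructed sample: trimmed excerpt of the smb.conf quoted in the thread above.
SAMPLE_CONF = r"""
[global]
        admin users = root nolan chrisg rickg danielleg alyssag
;       valid users = ahayes root danielleg chrisg rickg nolan
[homes]
        read only = No
[profiles]
        read only = No
        guest ok = Yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; ';' and '#' comment lines are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and extra whitespace in parameter names.
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(sections):
    """Return (section, parameter, reason) findings; synonyms like 'public' are not resolved."""
    glob, findings = sections.get("global", {}), []
    extra_admins = [u for u in glob.get("admin users", "").split() if u != "root"]
    if extra_admins:
        findings.append(("global", "admin users",
                         "file operations run as root for: " + " ".join(extra_admins)))
    homes = sections.get("homes")
    if homes is not None and "valid users" not in homes and "valid users" not in glob:
        findings.append(("homes", "valid users",
                         "unset; 'valid users = %S' limits each home share to its owner"))
    for name, params in sections.items():
        if is_yes(params.get("guest ok", "no")) and not is_yes(params.get("read only", "yes")):
            findings.append((name, "guest ok", "share is writable without authentication"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_smb_conf(SAMPLE_CONF)):
        print("[%s] %s: %s" % finding)
```
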

