[Samba] root ownership on some profile files cause login errors
Justin Zachor
zachor-samba at gamelogic.com
Mon Nov 29 21:37:17 GMT 2004
Here's another question related to how to use masks --
In my PDC area I specify:
logon path = \\netapp\profiles\%u
This puts server-based (roaming) profiles on my Network Appliance (which
itself is an SMB/PDC client).
A previous admin here left this commented section:
#[profiles]
# path = /var/lib/samba/profiles # path = /netapp/profiles ???
# read only = no
# create mask = 0600
# directory mask = 0700
So, is this the syntax for masks?
Do I add "create mask = 0744" -OR- "force create mask = 0744"?
Where do I put it? Anywhere in smb.conf?
Should the mask be 0077? (it's a mask, not chown notation, right??)
PS, When I had Windows login trouble, these perms tweaks fixed it:
/home/profiles# chown -R <user> <user>
/home/profiles# chmod -R 700 <user>
NOTE: We're using Samba as a PDC fine with the below smb.conf. So I
don't want to muck up permission by adding an improper mask statement.
So Again, this permissions issue only came up when I copied a profile
from a local Win2K box to the PDC profile dir using local administrator
"Copy To..." feature under System | User Profiles (control panel).
Thanks again!
-JAZ
joec wrote:
> Try this:
> net mask = 0744 (or 755 depending on what you want the permissions to be)
> directory mask = 0755
>
> Check a samba book for the correct options, but that is how I did the trick on my network at home.
>
> Joe
>
> Justin Zachor <zachor-samba at gamelogic.com> wrote :
>
>
>>On a newly migrated profile (migrated onto Samba server, from local)
>>some files/dirs get root ownership.
>>
>>How can I stop this from happening, without having to manually adjust
>>the permissions? Should I use "force create mode = 0600" or
>>"force directory mode = 0700"? If so, then where?
>>
>>For example
>>drwx------ 2 root daemon 4096 Nov 12 14:58 S-1-5-21-515...
>>
>>"Windows cannot copy file \\netapp\profiles\user\Application
>>Data\Microsoft\Protect\S-1-5-21-515...\ to location C:\Documents and
>>Settings\user.FOOBAR\Application
>>Data\Microsoft\Protect\S-1-5-21-515...\. Contact your network
>>administrator.
>>
>>DETAIL - Access is denied."
>>
>>"Windows cannot load the profile and is logging you on with a
>>temporary profile. Changes you make to this profile will be lost when
>>you log off."
>>------------smb.conf--------------
>>[global]
>>
>># -- BEGIN PDC --
>> domain logons = yes
>> logon path = \\netapp\profiles\%u
>> logon drive = H:
>> logon home = \\netapp\%u\.winprofile
>> logon script = logon.bat
>>
>> add user to group script = /usr/sbin/usermod -G %g %u
>> add machine script = /usr/sbin/adduser --firstuid 9001 \
>> --lastuid 9500 \
>> --gid 9000 --home /dev/null --shell /bin/false \
>> --no-create-home \
>> --disabled-password --gecos "%u Samba Machine Account" \
>> --force-badname %u
>> admin users = @ntadmins
>> workgroup = FOOBAR
>># -- END PDC --
>>
>> invalid users = root
>><snip> (many misc settings here -- omitted for ease of reading)
>>
>>[netlogon]
>> comment = Network Logon Service
>> browseable = no
>> path = /var/lib/samba/netlogon
>> read only = yes
>> write list = @ntadmins
>>#[profiles]
>># path = /var/lib/samba/profiles # path = /netapp/profiles ???
>># read only = no
>># create mask = 0600
>># directory mask = 0700
>>[homes]
>> comment = Home Directories
>> browseable = no
>> force create mode = 0755
>> force directory mode = 0755
>> writable = yes
>>--------------------------------------------------------
>>Thanks in advance
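
An added example, not part of the original thread or of Samba: a shell function that audits a profile tree laid out as <root>/<user>/ (the layout implied by "logon path = \\netapp\profiles\%u") for the two conditions discussed above, entries not owned by the profile's user and entries that carry group/other permission bits (anything looser than the "chmod -R 700" fix). The function name audit_profiles is hypothetical, and GNU find (for -printf) is assumed.

```shell
#!/bin/sh
# audit_profiles ROOT
# ROOT holds one directory per user, named after the user (e.g. /home/profiles).
# Output, one tab-separated line per finding:
#   OWNER <actual-owner> <path>   entry not owned by the profile's user
#   MODE  <octal-mode>   <path>   entry with group/other bits set
# Assumptions: GNU find; file names contain no tabs or newlines.
audit_profiles() {
    root=$1
    tab=$(printf '\t')
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        user=$(basename "$dir")          # directory name == user name (%u)
        # Symlinks are skipped: their own mode is always 777 and says nothing.
        find "$dir" ! -type l -printf '%u\t%m\t%p\n' |
        while IFS="$tab" read -r owner mode path; do
            # e.g. "root" owning a directory inside the user's profile
            [ "$owner" = "$user" ] || printf 'OWNER\t%s\t%s\n' "$owner" "$path"
            case $mode in
                *00|0) ;;                # owner-only access, like chmod 700/600
                *) printf 'MODE\t%s\t%s\n' "$mode" "$path" ;;
            esac
        done
    done
}

# Run directly as: sh audit.sh /home/profiles
if [ "$#" -gt 0 ]; then
    audit_profiles "$1"
fi
```

An empty result means every entry is owned by the user its profile directory is named after and is accessible to that owner only.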