[Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
Zach
uid000 at gmail.com
Tue Sep 28 18:00:42 GMT 2004
I'm posting my smb.conf below. I posted it earlier today, but
evidently some of my posts are taking > 24 hrs to make it to the list.
I'm going to try adding the profile acls statement to the profiles
section since (for me) that's the section that actually establishes
the profiles share. I'll post my results once I've tried it out.
Does anyone know if the profile acls setting is related/dependent on
acls support compiled into the kernel. I haven't compiled it into my
kernel, but I think they're unrelated.
I don't blame you for wanting to run with with less than admin
privileges, especially with heinous things the windows GDI exploit
[http://www.easynews.com/virus.html] in the wild.
Zach
If there are other, unrelated, problems with the following smb.conf,
please let me know that as well.
smb.conf:
[global]
netbios name = BABYLON
workgroup = CIVILIZATION
browseable = no
server string = Samba Server
log file = /var/log/samba/smbd.log
max log size = 50
security = user
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = \
*password* %n\n \
*password* %n\n \
*successfully*
username map = /etc/samba/smbusers
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 64
domain master = yes
preferred master = yes
domain logons = yes
logon path = \\%L\Profiles\%U
logon drive = M:
logon home = \\%L\%U
logon script = logon.cmd
wins support = yes
dns proxy = no
[homes]
comment = Home Directories
path = /home/samba/share/%U
writeable = yes
create mode = 0600
directory mode = 0740
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
browseable = no
[Profiles]
path = /home/samba/profiles
browseable = No
writeable = yes
[share]
path = /home/samba/share
writeable = yes
guest ok = no
create mode = 0660
directory mode = 0770
browseable = yes
On Tue, 28 Sep 2004 18:40:27 +0200, Stefan Wegner <steve.w at t-online.de> wrote:
> Tom Skeren schrieb:
> ...
>
> I have EXACTLY the same problem with Samba 3.0.7 and W2K SP4:
> Entering the Domain wit Admin-rights everything is fine (complete local
> settings, etc.)
> As soon as i make this User a (local)User or Poweruser, i get a reduced
> profile from the server although i still have
> profile acls = yes
> in my "homes" section (where the profiles are stored)
> Does this has to be under the section "profiles" ?
>
> You are not alone and i'm very interested to get a solution as well,
> cause i don't want to have Admin rights all the time.
>
> Anyone has got the trick ?
>
> Stefan
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list