[Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

Tom Skeren tms3 at fskklaw.com
Wed Sep 29 17:46:14 GMT 2004 

Zach wrote:

>We just experimented with this here at work.  As administrator we
>manually deleted the profile of a user at replaced it with a manual
>copy of another user's profile, and the problem was reproduced
>exactly.  When we subsquently deleted NTUSER.DAT and logged in again,
>NTUSER.DAT was rebuilt using the default profile and the profile
>loaded properly.  Evidently the SID recorded in NTUSER.DAT has to
>match the user's sid or it won't load properly.
>
Good news Zach.  I'm off to the office to give it a go myself.  Should 
give a preliminary response by noon PST.
Cheers,
TMS III

>
>Now to find out how to repair/rebuild/migrate NTUSER.DAT without
>losing the user's sid without losing the customizations.
>
>Although this has turned out to not really be a Samba problem, I'll
>post what I find out since this seems to affect several users on the
>list.
>
>Thanks
>Zach
>
>On Wed, 29 Sep 2004 10:00:47 -0700, Craig White <craigwhite at azapple.com> wrote:
>  
>
>>On Tue, 2004-09-28 at 11:18, Stefan Wegner wrote:
>>    
>>
>>>Craig White schrieb:
>>>
>>>      
>>>
>>>>The 'homes' share should be differentiated from the 'profiles' share if
>>>>you desire to have expected behavior. Whether this is an absolute
>>>>requirement or not, I have no idea but I do know that I don't have a
>>>>problem with roaming profiles and haven't since 2.2.x and it still works
>>>>on 3.0.x
>>>>        
>>>>
>>>Doesn't make any difference: profile acls = yes
>>>in "homes" is the same behaviour asin "profiles" as long as profiles are
>>>located under homes.
>>>
>>>The prob is still the same:
>>>user with local adm-rights = complete profile
>>>user with User- or Poweruser- rights = reduced profile (background and
>>>other settings)
>>>
>>>Can you switch the local Rights of your Users from User to Admin and
>>>then go back to User without loss in the profile ?
>>>      
>>>
>>----
>>I have done that but only once. My users are all NOT local admins or
>>power users - they are pretty much unprivileged beyond the local Users.
>>Either way (or even switching to and from local Administrator group)
>>caused no problem with loading the profile.
>>
>>On the samba server(s) - my privileges are different for the homes and
>>profiles directories.
>>
>>my users homes are in...
>>drwxr-xr-x   40 root     root         4096 Sep  8 10:50 users
>>and a sample users directory...
>>drwx------   19 craig    users-all     4096 Aug 29 17:31 craig
>>
>>whereas the profiles...
>>
>>drwxrwsr-x   21 Administrator Domain Users     4096 Sep  9 08:53
>>profiles
>>and a sample profile directory
>>drwxr-xr-x   13 test     Domain Users     4096 Jan 26  2004 test
>>
>>This has not been a problem for me.
>>
>>Craig
>>
>>
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba
>>
>>    
>>

More information about the samba mailing list