[Samba] Roaming profiles in domain level
Li, Ying (ESG)
ying.li2 at hp.com
Sat Apr 30 02:20:49 GMT 2005
I've finally found out how to use roaming profiles in domain level.
Samba2.2 and 3.0 always checks owner's ACL for profile directories. But
Samba returns correct owner ACL in a little bit different format with
Windows. For example:
Samba as profiles resource responses owner ACL for profile directory:
Owner: S-1-5-21-2951980089-3660375505-290094901-1224
Revision: 1
Num Auth: 5
Authority: 5
Sub-authorities: 21-2951980089-3660375505-290094901
RID: 1224
Windows as profiles resource responses owner ACL for profile directory:
Owner: S-1-5-21-2951980089
Revision: 1
Num Auth: 5
Authority: 5
Sub-authorities: 21-2951980089
Even profile's owner is a valid domain user with accessible permissions
on all files/directories in profile directory, Windows clients would
disallow to access to profiles, and terminate to send incoming requests
for loading profiles.
Since Windows 2K/XP clients have a registry value to control if to check
owner ACL for profile directories. I used it to not check ownership. Go
to Group policy/Local Computer Configuration/Administrative
templates/System/Logon for Windows 2K/XP, and enable "Do not Check for
User Ownership of Roaming Profiles Folders". The default value is "Not
configured". This works to me.
Thanks.
-Ying
More information about the samba
mailing list