[Samba] losing access to profile when user becomes domain user
instead domain admin
Rainer Traut
tr.ml at gmx.de
Fri May 13 13:38:38 GMT 2005
Hi,
I am in the process of migrating our windows workstations to a samba domain.
Here is the problem:
When creating the domain user I put every user additionalyy in the
domain admin group so that he/she can copy his old files on the local
profile to his new domain account.
Then after this is done I put them to the domain users group but some
(!) of the user the lose then access to the profile.
When I look at permissions on their workstation everything looks ok, but
he/she has no write access, though he is listed as owner.
samba is samba-3.0.13-1.4E.2 on Redhat EL4.
Here are parts of smb.conf
[Profiles]
comment = Roaming profiles share
path = /shares/profiles
writeable = yes
create mask = 0700
directory mask = 0770
browsable = no
valid users = @domusers root
force user = %U
profile acls = yes
[root at jupiter Eigene Dateien]# net groupmap list
Domain Admins (S-1-5-21-2187243289-1530508873-3638611354-512) -> domadmins
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-2187243289-1530508873-3638611354-514) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Users (S-1-5-21-2187243289-1530508873-3638611354-513) -> domusers
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
This works:
[root at jupiter Eigene Dateien]# id koe
uid=24446(koe) gid=1000(domusers) Gruppen=1000(domusers),1003(domadmins)
[root at jupiter Eigene Dateien]#
This does not:
[root at jupiter Eigene Dateien]# id koe
uid=24446(koe) gid=1000(domusers) Gruppen=1000(domusers)
[root at jupiter Eigene Dateien]#
Thanks for help
Rainer
More information about the samba
mailing list