[Samba] losing access to profile when user becomes domain user instead domain admin

Rainer Traut tr.ml at gmx.de
Fri May 13 13:38:38 GMT 2005


I am in the process of migrating our windows workstations to a samba domain.

Here is the problem:

When creating the domain user I put every user additionalyy in the
domain admin group so that he/she can copy his old files on the local
profile to his new domain account.

Then after this is done I put them to the domain users group but some
(!) of the user the lose then access to the profile.

When I look at permissions on their workstation everything looks ok, but
he/she has no write access, though he is listed as owner.

samba is samba-3.0.13-1.4E.2 on Redhat EL4.

Here are parts of smb.conf

         comment = Roaming profiles share
         path = /shares/profiles
         writeable = yes
         create mask = 0700
         directory mask = 0770
         browsable = no
         valid users = @domusers root
         force user = %U
         profile acls = yes

[root at jupiter Eigene Dateien]# net groupmap list
Domain Admins (S-1-5-21-2187243289-1530508873-3638611354-512) -> domadmins
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-2187243289-1530508873-3638611354-514) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Users (S-1-5-21-2187243289-1530508873-3638611354-513) -> domusers
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

This works:
[root at jupiter Eigene Dateien]# id koe
uid=24446(koe) gid=1000(domusers) Gruppen=1000(domusers),1003(domadmins)
[root at jupiter Eigene Dateien]#

This does not:
[root at jupiter Eigene Dateien]# id koe
uid=24446(koe) gid=1000(domusers) Gruppen=1000(domusers)
[root at jupiter Eigene Dateien]#

Thanks for help

More information about the samba mailing list