[Samba] XP SP2 connecting to 3.0.10-1.4E

Craig White craigwhite at azapple.com
Sun Oct 2 23:01:24 GMT 2005 

On Sun, 2005-10-02 at 16:24 -0400, Chris Robinson wrote:
> I have been running our companies XP Pro systems on our Samba domain 
> controller (version: 3.0.10-1.4E) with local administrative rights up to 
> this point.  Everything has worked fine.
> 
> We are getting larger now and I'd like to make the logins locally 
> restricted (I want them to have XP's "Users" rights and  "Remote Desktop 
> Users" only).  When I restrict the accounts to anything below 
> administrative rights on XP SP2 however nothing in the profile gets 
> saved.  I have tried this with XP SP1 and everything works as I expect.
> 
> I have tried:
> *Turning off the XP SP2 firewall.  No difference
> *Running a sniffer on it. Don't know what I'm looking for but nothing 
> seemed out of the ordinary.
> *Giving the user administrative rights, logging in and making changes. 
> Then I logged out and logged in as the Administrator and dropped the 
> rights to "Users" and logged back in.  The first time I log in I see the 
> profile the user left when it had administrative rights, but when I 
> logout and log back in it resets the profile again.
> *Had profile acls on and off. No difference
> 
> Here is my smb.conf for global and profiles:
> [global]
>          workgroup = MYCO
>          netbios name = MYCOPDC
>          interfaces = 192.168.0.5
>          time server = Yes
>          unix extensions = No
>          add user script = /usr/sbin/useradd -m %u
>          delete user script = /usr/sbin/userdel -r %u
>          add group script = /usr/sbin/groupadd %g
>          delete group script = /usr/sbin/groupdel %g
>          add user to group script = /usr/sbin/usermod -G %g %u
>          add machine script = /usr/sbin/useradd -s /bin/false -d 
> /dev/null %u
>          logon script = logon.bat
>    logon path = \\%L\profiles\%u\%m
>    # logon path =
>          logon drive = H:
>          logon home = \\%L\%u\.win_profile\%m
>          domain logons = Yes
>          os level = 70
>          preferred master = Yes
>          domain master = Yes
>          wins support = Yes
>          hosts allow = 192.168.1.0/255.255.255.0, 
> 192.168.3.0/255.255.255.0, 192.168.254.0/24, 192.168.0.90, 192.168.0.91, 
> 127.0.0.1, 192.168.6.0/24, 192.168.7.0/24, 192.168.8.0/24
> 
> [netlogon]
>          path = /etc/samba/
>          valid users = root, @users
>          admin users = root
>          browseable = No
> 
> [profiles]
>          path = /home/samba-ntprof
>          read only = No
>          create mask = 0600
>          directory mask = 0700
>          browseable = No
> #  profile acls = yes
----
Presuming that when you say that nothing in the profile gets saved when
their privileges are reduced, I am presuming that you mean that the
profiles aren't saved on the server.

think that you need to have profile acls = yes NOT commented out

firewall settings have no impact whatsoever on whether profiles are
saved.

you probably want to add...
        csc policy = disable

to the profile share definition as well.

As far as your specific problem, what is the permissions of 
/home/samba-ntprof

on mine...

# ls -ld /home/samba/profiles/
drwxrwx---  6 root dom_users 4096 Aug 22 16:58 /home/samba/profiles/

where all users are members of 'dom_users' group and thus can write to
the directory

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list