[Samba] XP SP2 connecting to 3.0.10-1.4E

Craig White craigwhite at azapple.com
Sun Oct 2 23:01:24 GMT 2005

On Sun, 2005-10-02 at 16:24 -0400, Chris Robinson wrote:
> I have been running our companies XP Pro systems on our Samba domain 
> controller (version: 3.0.10-1.4E) with local administrative rights up to 
> this point.  Everything has worked fine.
> We are getting larger now and I'd like to make the logins locally 
> restricted (I want them to have XP's "Users" rights and  "Remote Desktop 
> Users" only).  When I restrict the accounts to anything below 
> administrative rights on XP SP2 however nothing in the profile gets 
> saved.  I have tried this with XP SP1 and everything works as I expect.
> I have tried:
> *Turning off the XP SP2 firewall.  No difference
> *Running a sniffer on it. Don't know what I'm looking for but nothing 
> seemed out of the ordinary.
> *Giving the user administrative rights, logging in and making changes. 
> Then I logged out and logged in as the Administrator and dropped the 
> rights to "Users" and logged back in.  The first time I log in I see the 
> profile the user left when it had administrative rights, but when I 
> logout and log back in it resets the profile again.
> *Had profile acls on and off. No difference
> Here is my smb.conf for global and profiles:
> [global]
>          workgroup = MYCO
>          netbios name = MYCOPDC
>          interfaces =
>          time server = Yes
>          unix extensions = No
>          add user script = /usr/sbin/useradd -m %u
>          delete user script = /usr/sbin/userdel -r %u
>          add group script = /usr/sbin/groupadd %g
>          delete group script = /usr/sbin/groupdel %g
>          add user to group script = /usr/sbin/usermod -G %g %u
>          add machine script = /usr/sbin/useradd -s /bin/false -d 
> /dev/null %u
>          logon script = logon.bat
>    logon path = \\%L\profiles\%u\%m
>    # logon path =
>          logon drive = H:
>          logon home = \\%L\%u\.win_profile\%m
>          domain logons = Yes
>          os level = 70
>          preferred master = Yes
>          domain master = Yes
>          wins support = Yes
>          hosts allow =, 
> [netlogon]
>          path = /etc/samba/
>          valid users = root, @users
>          admin users = root
>          browseable = No
> [profiles]
>          path = /home/samba-ntprof
>          read only = No
>          create mask = 0600
>          directory mask = 0700
>          browseable = No
> #  profile acls = yes
Presuming that when you say that nothing in the profile gets saved when
their privileges are reduced, I am presuming that you mean that the
profiles aren't saved on the server.

think that you need to have profile acls = yes NOT commented out

firewall settings have no impact whatsoever on whether profiles are

you probably want to add...
        csc policy = disable

to the profile share definition as well.

As far as your specific problem, what is the permissions of 

on mine...

# ls -ld /home/samba/profiles/
drwxrwx---  6 root dom_users 4096 Aug 22 16:58 /home/samba/profiles/

where all users are members of 'dom_users' group and thus can write to
the directory


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list