[Samba] XP SP2 connecting to 3.0.10-1.4E

Chris Robinson chris.robinson at voipsupply.com
Mon Oct 3 01:38:08 GMT 2005


The reason acls are commented out is because I tried them and it made no 
difference.  As I understand it csc policy = disable would be for 
roaming profiles which generally I don't use but leave the ability for 
special circumstances.

Didn't know if the XP firewall settings would make a difference here or 
not, but I figured the more info the better.

My permissions on /home/samba-ntprof are almost identical to yours 
except I use a different group.

Just to reiterate...XP SP1 does work exactly as I want it to.  It's only 
XP SP2 that is causing problems.

Craig White wrote:
> On Sun, 2005-10-02 at 16:24 -0400, Chris Robinson wrote:
> 
>>I have been running our companies XP Pro systems on our Samba domain 
>>controller (version: 3.0.10-1.4E) with local administrative rights up to 
>>this point.  Everything has worked fine.
>>
>>We are getting larger now and I'd like to make the logins locally 
>>restricted (I want them to have XP's "Users" rights and  "Remote Desktop 
>>Users" only).  When I restrict the accounts to anything below 
>>administrative rights on XP SP2 however nothing in the profile gets 
>>saved.  I have tried this with XP SP1 and everything works as I expect.
>>
>>I have tried:
>>*Turning off the XP SP2 firewall.  No difference
>>*Running a sniffer on it. Don't know what I'm looking for but nothing 
>>seemed out of the ordinary.
>>*Giving the user administrative rights, logging in and making changes. 
>>Then I logged out and logged in as the Administrator and dropped the 
>>rights to "Users" and logged back in.  The first time I log in I see the 
>>profile the user left when it had administrative rights, but when I 
>>logout and log back in it resets the profile again.
>>*Had profile acls on and off. No difference
>>
>>Here is my smb.conf for global and profiles:
>>[global]
>>         workgroup = MYCO
>>         netbios name = MYCOPDC
>>         interfaces = 192.168.0.5
>>         time server = Yes
>>         unix extensions = No
>>         add user script = /usr/sbin/useradd -m %u
>>         delete user script = /usr/sbin/userdel -r %u
>>         add group script = /usr/sbin/groupadd %g
>>         delete group script = /usr/sbin/groupdel %g
>>         add user to group script = /usr/sbin/usermod -G %g %u
>>         add machine script = /usr/sbin/useradd -s /bin/false -d 
>>/dev/null %u
>>         logon script = logon.bat
>>   logon path = \\%L\profiles\%u\%m
>>   # logon path =
>>         logon drive = H:
>>         logon home = \\%L\%u\.win_profile\%m
>>         domain logons = Yes
>>         os level = 70
>>         preferred master = Yes
>>         domain master = Yes
>>         wins support = Yes
>>         hosts allow = 192.168.1.0/255.255.255.0, 
>>192.168.3.0/255.255.255.0, 192.168.254.0/24, 192.168.0.90, 192.168.0.91, 
>>127.0.0.1, 192.168.6.0/24, 192.168.7.0/24, 192.168.8.0/24
>>
>>[netlogon]
>>         path = /etc/samba/
>>         valid users = root, @users
>>         admin users = root
>>         browseable = No
>>
>>[profiles]
>>         path = /home/samba-ntprof
>>         read only = No
>>         create mask = 0600
>>         directory mask = 0700
>>         browseable = No
>>#  profile acls = yes
> 
> ----
> Presuming that when you say that nothing in the profile gets saved when
> their privileges are reduced, I am presuming that you mean that the
> profiles aren't saved on the server.
> 
> think that you need to have profile acls = yes NOT commented out
> 
> firewall settings have no impact whatsoever on whether profiles are
> saved.
> 
> you probably want to add...
>         csc policy = disable
> 
> to the profile share definition as well.
> 
> As far as your specific problem, what is the permissions of 
> /home/samba-ntprof
> 
> on mine...
> 
> # ls -ld /home/samba/profiles/
> drwxrwx---  6 root dom_users 4096 Aug 22 16:58 /home/samba/profiles/
> 
> where all users are members of 'dom_users' group and thus can write to
> the directory
> 
> Craig
> 
> 

-- 
Christopher Robinson
chris.robinson at voipsupply.com

VoIPSupply.com
   -- a division of B2 Technologies, LLC
454 Sonwil Drive
Buffalo, NY 14225

(716) 250-3411
(716) 630-1548 fax
(800) 398-VOIP


VoIPSupply.com is a leading reseller of VoIP hardware, software and 
services.


More information about the samba mailing list