[Samba] XP SP2 connecting to 3.0.10-1.4E
Chris Robinson
chris.robinson at voipsupply.com
Mon Oct 3 01:38:08 GMT 2005
The reason acls are commented out is because I tried them and it made no
difference. As I understand it csc policy = disable would be for
roaming profiles which generally I don't use but leave the ability for
special circumstances.
Didn't know if the XP firewall settings would make a difference here or
not, but I figured the more info the better.
My permissions on /home/samba-ntprof are almost identical to yours
except I use a different group.
Just to reiterate...XP SP1 does work exactly as I want it to. It's only
XP SP2 that is causing problems.
Craig White wrote:
> On Sun, 2005-10-02 at 16:24 -0400, Chris Robinson wrote:
>
>>I have been running our companies XP Pro systems on our Samba domain
>>controller (version: 3.0.10-1.4E) with local administrative rights up to
>>this point. Everything has worked fine.
>>
>>We are getting larger now and I'd like to make the logins locally
>>restricted (I want them to have XP's "Users" rights and "Remote Desktop
>>Users" only). When I restrict the accounts to anything below
>>administrative rights on XP SP2 however nothing in the profile gets
>>saved. I have tried this with XP SP1 and everything works as I expect.
>>
>>I have tried:
>>*Turning off the XP SP2 firewall. No difference
>>*Running a sniffer on it. Don't know what I'm looking for but nothing
>>seemed out of the ordinary.
>>*Giving the user administrative rights, logging in and making changes.
>>Then I logged out and logged in as the Administrator and dropped the
>>rights to "Users" and logged back in. The first time I log in I see the
>>profile the user left when it had administrative rights, but when I
>>logout and log back in it resets the profile again.
>>*Had profile acls on and off. No difference
>>
>>Here is my smb.conf for global and profiles:
>>[global]
>> workgroup = MYCO
>> netbios name = MYCOPDC
>> interfaces = 192.168.0.5
>> time server = Yes
>> unix extensions = No
>> add user script = /usr/sbin/useradd -m %u
>> delete user script = /usr/sbin/userdel -r %u
>> add group script = /usr/sbin/groupadd %g
>> delete group script = /usr/sbin/groupdel %g
>> add user to group script = /usr/sbin/usermod -G %g %u
>> add machine script = /usr/sbin/useradd -s /bin/false -d
>>/dev/null %u
>> logon script = logon.bat
>> logon path = \\%L\profiles\%u\%m
>> # logon path =
>> logon drive = H:
>> logon home = \\%L\%u\.win_profile\%m
>> domain logons = Yes
>> os level = 70
>> preferred master = Yes
>> domain master = Yes
>> wins support = Yes
>> hosts allow = 192.168.1.0/255.255.255.0,
>>192.168.3.0/255.255.255.0, 192.168.254.0/24, 192.168.0.90, 192.168.0.91,
>>127.0.0.1, 192.168.6.0/24, 192.168.7.0/24, 192.168.8.0/24
>>
>>[netlogon]
>> path = /etc/samba/
>> valid users = root, @users
>> admin users = root
>> browseable = No
>>
>>[profiles]
>> path = /home/samba-ntprof
>> read only = No
>> create mask = 0600
>> directory mask = 0700
>> browseable = No
>># profile acls = yes
>
> ----
> Presuming that when you say that nothing in the profile gets saved when
> their privileges are reduced, I am presuming that you mean that the
> profiles aren't saved on the server.
>
> think that you need to have profile acls = yes NOT commented out
>
> firewall settings have no impact whatsoever on whether profiles are
> saved.
>
> you probably want to add...
> csc policy = disable
>
> to the profile share definition as well.
>
> As far as your specific problem, what is the permissions of
> /home/samba-ntprof
>
> on mine...
>
> # ls -ld /home/samba/profiles/
> drwxrwx--- 6 root dom_users 4096 Aug 22 16:58 /home/samba/profiles/
>
> where all users are members of 'dom_users' group and thus can write to
> the directory
>
> Craig
>
>
--
Christopher Robinson
chris.robinson at voipsupply.com
VoIPSupply.com
-- a division of B2 Technologies, LLC
454 Sonwil Drive
Buffalo, NY 14225
(716) 250-3411
(716) 630-1548 fax
(800) 398-VOIP
VoIPSupply.com is a leading reseller of VoIP hardware, software and
services.
More information about the samba
mailing list