[Samba]SOLVED - idmap_rid / roaming profile permissions / NTAUTHORITY\SYSTEM

[Stefanos Karasavvidis]

I solved the problem with my roaming profiles by just changing from
case sensitive = yes
to
case sensitive = auto
in smb.conf!!!

No permissions change, no nothing.

Stefanos

Stefanos Karasavvidis wrote:
> I'm struggling with roaming profile permissions as I can not "see" the 
> NT AUTHORITY\SYSTEM account.
> 
> I have:
> -samba file server with acl 3.0.14a
> -authentication with winbind and idmap_rid against Windows 2003 ADS
> -using "default domain" in smb.conf for winbind
> 
> The roaming profile directories are on the samba machine under the users 
> home directory. As noted on several sites, the profile directory must 
> have the following permissions:
> owner full control (this is ok)
> SYSTEM (S-1-5-18) full control (here is the problem)
> 
> I can't add the permissions for the system account, as it is "not seen" 
> from samba. The result is that roaming profile do not work
> 
> I get the following output with wbinfo
> wbinfo -s "S-1-5-18"
> NT AUTHORITY\SYSTEM 5
> 
> wbinfo -n "NT AUTHORITY\SYSTEM"
> S-1-5-18 Well-known Group (5)
> 
> wbinfo -Y "S-1-5-18"
> Could not convert sid S-1-5-18 to gid   <--------
> 
> wbinfo -S "S-1-5-18"
> Could not convert sid S-1-5-18 to uid   <--------
> 
> I tried to fix it with net groupmap, but it did not work (maybe I miss 
> something?)
> 
> So the question is: how do I set permissions for the SYSTEM account???
> 
> 
> regards
> Stefanos

-- 
======================================================================
Stefanos Karasavvidis
Electronic & Computer Engineer, M.Eng.
e-mail : sk at isc.tuc.gr

Technical University of Crete, Campus
Information Systems Center
Address: Akrotiri, Chania, 73100
Tel.: Library Buildings
       (+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376
       Environmental Engineering Buildings
       (+30) 28210 37766
Fax:  (+30) 28210 37571