[Samba] Re: Ntconfig.pol policies not applied immediatly after been
x.poirier at free.fr
Thu Apr 20 21:43:22 GMT 2006
I've not seen this thread before (as I'm with a 3.0.20 version !) :
And this one for the Bugzilla link :
I've not done like Robert and Tomek with "NETLOGON" look here :
path = /var/lib/samba/netlogon/
read only = no
public = yes
write list = @"Domain Admins"
create mask = 0755 <-------- this is not necessary 0750 is sufficient
directory mask = 0755 <-------- The same 0750 is good
path = /var/lib/samba/profiles
read only = no
create mask = 0755 <-------- You can DELETE this line if you use ACLS
directory mask = 0755 <-------- The same , can DELETE this
browseable = No
guest ok = Yes
profile acls = yes
inherit permissions = yes
inherit acls = yes <-------- Using filsystem with acls support
acl check permissions = no
The main advantage of doing this with ACLS is that you can put your
Domain Administrator to have rights onto the Users Profiles (thats why
we must put acl "check permissions = no" because of microsoft
implementation is to verify that ONLY the user owner of his proper
profile dir can RWX. Set ACLS onto
/var/lib/samba/profiles like this :
# file: profiles
# owner: root
# group: domainusers
default group:domainusers:--- <--- for me I've let rwx here but this should work like this.
The only thing I've seen a little strange , is in the user computer into
c:\documents and setting\%userprofile%\directories ..
many dirs. have the read only attribute set onto the windows properties
(the default profile is copied from the PDC/Samba domain), but seems to
not affect the handling of files ..
perhaps of my 3.0.20 version ...
xavier a écrit :
> My NTconfig.pol file into \\netlogon share seems to be good...
> in the logs the file is readed with no problem at my user logon.
> The strange think I have is that the policy I've made is applied if my
> user loggon onto a windows 2003 server we have for testing purpose !
> (If I loggon first onto my win2k machine, the policy is not applied ...)
> logging after onto my win2k computer takes advantage of the policy
> made before.
> I can't explain myself what is happening there, strange ...
> what could be the difference between those two loggings onto 2
> different OS.
More information about the samba