[Samba] Enforcing local profile doesn't let Home Directory mapping

[Michael Heydon]

Avinash Rao wrote:
> Also, is there a way i can control the file permission on the clients
> local harddrive from samba. For example, If a user A logs in to the
> samba domain, he will not have any access to the local hard drive, can
> we give permission from the samba, probably make that domain user a
> part of power users on the client machine.
>   
Not directly, I use cpau in the login scripts to escalate to a domain 
admin and as that user run a script which does things like add certain 
domain groups to the local admins group. Just remember group membership 
is worked out before the login scripts are run, so the user will have to 
log out and back in for any changes to take affect.

It is a security risk (cpau doesn't encrypt the credentials, it uses 
some secret encoding) so it isn't suitable for everyone, but it works 
well for us.

*Michael Heydon - IT Administrator *
michaelh at jaswin.com.au <mailto:michaelh at jaswin.com.au>