[Samba] Samba4 Domain UP, but no roaming profiles
Adam Tauno Williams
awilliam at whitemice.org
Tue Dec 18 06:52:11 MST 2012
On Tue, 2012-12-18 at 02:45 +1100, Stephen Jones wrote:
> The problem is your smb.conf [profiles]. The only options you need are
> the path and read only = no. Control access from Windows with an ACL
> applied to the profiles share security properties rather than forcing
> permissions from Samba. S4 is different from S3. I'm not sure if those
> mask options work in S4 but, if they do, those values will deny all
> access set through extended ACLs because those are applied through the
> group class.
> Fix smb.conf
Ok, did that.
Anyway, for whatever reason roaming profiles started working. Even
before I made this change.
> and start with an empty profiles directory
Totally and completely not an option. This is a migrated domain with
existing profiles.
> root:root. getfacl will show you the Posix ACLs created from Windows.
> From Windows ADUC add the roaming profiles path to the user's profile.
They already have this attribute by virtue of the migration. The
existence of the attribute has been verified.
> Tip: There is a GPO setting under
> computer-policies-templates-system-user profiles to add the
> administrators group to roaming profiles. This is a good idea,
> otherwise administrators cannot browse the profile folders.
Cool, I'll take a look at that.