[Samba] setting up W7 profiles

Bob of Donelson Trophy bob at donelsontrophy.net
Mon Mar 9 06:10:37 MDT 2015



First, let me point out that sometimes (and sometimes not) the mailing
list will strip out some backslash marks in cut and paste. So, if there
is a backslash missing . . . well, ignore that missing mark. 


When your script runs it creates the following default permissions: 

root at mbr01:~# ls -alh /home/samba/TEST/profiles
total 8.0K
drwxr-xr-t 2 root root 4.0K Feb 21 18:39 .
drwxr-xr-t 5 root root 4.0K Feb 21 18:39 .. 

Then, per your instruction, I ran: 

root at mbr01:~# chmod 1777 /home/samba/TEST/profiles 

root at mbr01:~# ls -alh /home/samba/TEST/profiles
total 12K
drwxrwxrwt+ 2 root root 4.0K Mar 1 10:21 .
drwxr-xr-t 5 root root 4.0K Mar 1 10:21 .. 

Then went into W7 client and adjusted permissions (on my member server)
as instructed by
"https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles". That
changed permissions to: 

root at mbr01:~# ls -alh /home/samba/TEST/profiles
total 12K
drwxrwx--T+ 2 root root 4.0K Mar 1 10:21 .
drwxr-xr-t 5 root root 4.0K Mar 1 10:21 .. 

So, Louis, go warm up the oven, you **might** be needing it to soften up
that shoe . . . 

However, Rowland mentioned (in one of the emails) that if I couldn't get
'getent group domain users' (might be missing a backslash or two) to
return anything, "I was dead in the water" . . . or something like that.

Well, in my test environment and on real machines, none of the member
servers (test environment and/or real) return anything with 'getent
group domain users'. 

The DC's return info, member servers do not. 

As we all pull at our hair, trying to figure this out. It has to be the
user, me. 

So, tonight when I have more time, I will return to this and try
something I remember reading in one of the CentOS tutorials. Something
about Windows being very finicky about permissions (on a CentOS DC,
anyway) settings and how W7 users have to delete ALL the permissions and
re-add them. Something about changing the permissions settings not
"taking" in the Windows client and that they (permissions) need to be
purged completely and re-added. 

Wish me luck . . . 


Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [2]

"Everyone deserves an award!!"

On 2015-03-09 06:32, L.P.H. van Belle wrote: 

> yes, i know.. 
> but its better if he try the new settings, it save to need of any GID for the group rights. 
> im working on that also to make it more uniform and a set with posix and a set without postix rights. 
> Greetz, 
> Louis
> -----Oorspronkelijk bericht----- Van: rowlandpenny at googlemail.com [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny Verzonden: maandag 9 maart 2015 12:19 Aan: samba at lists.samba.org Onderwerp: Re: [Samba] setting up W7 profiles On 09/03/15 10:59, L.P.H. van Belle wrote: Bob, to the following.. set the in smb.conf not more not less. On the member server. [profiles$] path = /home/samba/TEST/profiles read only = no acl_xattr:ignore system acl = yes restart samba now type chown root:root /home/samba/TEST/profiles chmod 1777 /home/samba/TEST/profiles Now go to the wiki and set the correct rights for a profile share. and ONLY for AD! ( not the POSIX ) Now go set the share rights from withing windows. then set the rights on the folder from within windows. if this does not work, i'll eat my shoe... and for these: admin users = +"TESTDomain Admins" profile acls = yes csc policy = disable You dont need postix settings on the profiles share imo. But these settings come from y
member server install script ? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [1]

[1] https://lists.samba.org/mailman/options/samba
[2] http://www.donelsontrophy.com

More information about the samba mailing list