[Samba] [SOLVED] Samba 4: 'Access denied' error when accessing user profile during logon

Rowland Penny rpenny at samba.org
Fri Sep 21 07:06:43 UTC 2018

On Fri, 21 Sep 2018 08:52:43 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Hai, 
> Now, i did not know you used the DC for the profiles here but yes it
> looks good. 
> Small comment on point 3 and 4. 
> 3) Its good, you might notice a few more rights there compaired to
> what i posted, thats because you have your profiles on the DC but the
> settings are good. 
> 4) yes, the security is ok, i like the higher security setting and
> try to mimic the windows settings as much as possible. You can relax
> it a bit, but i dont recommend that. 
> Your ready for the next step ;-) 
> And a tip ahead. 
> Settings like this apply to \\server\ ( users-home)  | profiles |
> print$  for example. 
> The why?, because this these shares might needs some extra windows
> love ;-) On these shares i apply the ignore systemacls to mimic the
> windows rights as close as possible. Reason for that is simple, less
> problems, but this doe depend on how you use the network. 

If you use 'ignore systemacls', then you must also ignore the output of
getfacl. This is because you are telling Samba to only use the ACLs
found in the EA 'security.NTACL' for the share and these can be, and
probably are, different from what getfacl shows.


More information about the samba mailing list