[Samba] [SOLVED] Samba 4: 'Access denied' error when accessing user profile during logon
Rowland Penny
rpenny at samba.org
Fri Sep 21 14:38:23 UTC 2018
On 21 Sep 2018 10:10:22 -0400
Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
> Hello Louis,
>
> In fact, the shares mentioned in my original messages are used in
> Windows-only.
>
> The accounts, however, are used in both Windows and Unix-type
> environments (we have quite a zoo of OSes in active use); so we
> actually use the Posix part of accounts for attributes and Kerberos
> component to authenticate in all non-Windows use.
>
> So my primary intent is to make the homes/profiles shares most
> convenient and secure from Windows viewpoint.
>
Lets be honest about this, the sysvol, netlogon and profiles shares are
only used by Windows clients (unless somebody knows differently). This
means that no Unix client needs to be able to connect to them, so the
best way to set the required permissions is to set them from Windows
and add 'acl_xattr:ignore system acls = yes' to each share.
Rowland
More information about the samba
mailing list