[Samba] [SOLVED] Samba 4: 'Access denied' error when accessing user profile during logon
robert at marcanoonline.com
Fri Sep 21 15:47:47 UTC 2018
On 9/21/18 10:38 AM, Rowland Penny via samba wrote:
> On 21 Sep 2018 10:10:22 -0400
> Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
>> Hello Louis,
>> In fact, the shares mentioned in my original messages are used in
>> The accounts, however, are used in both Windows and Unix-type
>> environments (we have quite a zoo of OSes in active use); so we
>> actually use the Posix part of accounts for attributes and Kerberos
>> component to authenticate in all non-Windows use.
>> So my primary intent is to make the homes/profiles shares most
>> convenient and secure from Windows viewpoint.
> Lets be honest about this, the sysvol, netlogon and profiles shares are
> only used by Windows clients (unless somebody knows differently). This
> means that no Unix client needs to be able to connect to them, so the
> best way to set the required permissions is to set them from Windows
> and add 'acl_xattr:ignore system acls = yes' to each share.
If someone is using SSSD (not a Samba provided module) instead of
winbind and is using its GPO support , those Linux clients must be
reading sysvol, but not in a direct way in in which 'acl_xattr:ignore
system acls = yes' can affect them
More information about the samba