[Samba] Sometimes Roaming Profile loose rights to restart shutdown...

L.P.H. van Belle belle at bazuin.nl
Thu Nov 14 14:00:04 UTC 2019 

Hai,  


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> admins aixtema via samba
> Verzonden: donderdag 14 november 2019 14:02
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Sometimes Roaming Profile loose rights to 
> restart shutdown...
> 
> Hi,
> sometimes my Roaming Profile gets buggy and i cant use the Reboot 
> Shutdown ... function all other works.
> When i make a new users.v6 folder the Profile works again very well.
> 
> I tried all GPOs i found for energy settings but nothing helps if the 
> Profile is broken.  Only delete and make a new one works
> 
> Samba 4.11.2
> Win10 1803-1903
> 
> any ideas? or Workarounds?

Same as the previous message on the list. Your rights setup is incorrect. 
Share security : everyone full. 
Folder security : Creater Onwer - Special, only sub folders and files 
			Adminstrator - Full control, This folder and subfolders and files. 
			BUILTIN\Administrators	special, only this folder.

I suggest setup as show. 

[profiles]
    browseable = yes
    path = /your_path_too/profiles
    read only = no
    acl_xattr:ignore system acl = yes
Why not use the better windows mapping in profiles if its only use by windows. 

man smb.conf and read about acl_xattr:ignore system acl

Restart samba 

Then read : https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles#The_Windows_Roaming_Profile_Versions 

And apply exactly as shown, that should work.
DO NOTE, previous rights needs to set again, from within windows. 
Or, use setfact and setup like this. 

drwxrwx--T+ 110 root root  4096 Nov 11 14:42 profiles

getfacl profiles/
# file: profiles/
# owner: root
# group: root
# flags: --t
user::rwx
user:root:rwx
group::---
group:root:---
group:domain\040users:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:root:---
default:mask::rwx
default:other::---


drwxrwx---+  27 username domain users 4096 Oct 18 18:42 username.V6
getfacl profiles/username.V6/
# file: profiles/username.V6/
# owner: username
# group: domain\040users
user::rwx
user:username:rwx
group::---
group:2005:rwx
group:domain\040users:---
mask::rwx
other::---
default:user::rwx
default:user:username:rwx
default:group::---
default:group:2005:rwx
default:group:domain\040users:---
default:mask::rwx
default:other::---

Verify this, i have 2005, you GID number might be different

wbinfo -Y S-1-5-18
2005

wbinfo -G 2005
S-1-5-18

wbinfo -s S-1-5-18
NT Authority\SYSTEM 5


If not need more info, mail the list again. 
But above works for me since samba 4.6 or so. 
Win7-win10 upto 1903




Greetz, 

Louis

More information about the samba mailing list