[Samba] Changes to Folder Redirection

L.P.H. van Belle belle at bazuin.nl
Tue Feb 4 08:06:48 UTC 2020 

Hai Bob, 

Always.. Pretty buzzy at the office atm, so thats why i have not much around, but i had a look.

If everything is setup correctly. 
Using Group Policy Folder Redirection, is also the one i use and you should use. 

Are you using it like this. 
\\hostname.internal.domain.tld\users\%USERNAME%\Desktop 

If i look at this. ( on the wiki ) 

On the Settings tab:
Unselect Grant the user exclusive rights.
Unselect Move the contents of Documents to the new location.
Select Also apply redirection to Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003 operating systems.
Select Leave the folder in the new location when policy is removed.

Its not wrong, but i of all the opposite but thats what you preffer/need or can work with. 

/home/users, shared as users ( as shown above ). 
My resulting settings of getfacl.
getfacl users/
# file: users/
# owner: root
# group: root
user::rwx
user:root:rwx
group::---
group:root:---
group:2004:r-x
group:2005:rwx
group:domain\040users:r-x
group:domain\040admins:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:root:rwx
default:group::---
default:group:root:---
default:group:2005:rwx
default:group:domain\040admins:rwx
default:mask::rwx
default:other::---

And a resulting user homedir. 

# file: users/username/
# owner: username
# group: root
user::rwx
user:root:rwx
user:username:rwx
group::---
group:root:---
group:BUILTIN\\administrators:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:username:rwx
default:group::---
default:group:root:---
default:group:BUILTIN\\administrators:rwx
default:mask::rwx
default:other::---

The folder is autocreated but i have only one problem here, 
An in correct right on the homedir itself. 
Which i fix manually, because without it the folderredirection isnt working. 
For me this has todo with how i use NFSv4 (kerberized) user homedirs. 

But since i know what it is i dont mind. 

For me this is the cause, its a combination of 
Grant the user exclusive rights, which i have it enabled. 
NFS and using backend AD. 

When a folder is created from withing RSAT tools, it is nicely created but, 
It results in "root" being owner of the user homedir and then the folder redirect isnt working. 

You can try it/test if this is the same thing for you. 
Create a user through RSAT tools set the homedirs and profile folders using: 
This format. 
\\hostname.internal.domain.tld\users\%USERNAME%
\\hostname.internal.domain.tld\profiles\%USERNAME%

As Administrator, open the explorer, goto the user folder and properties, Advanced, Owner. 
Here change the Owner to the username, its now most probely root. 
Replace Owner on all sub object needs to be ticked.. 

Now login again and see of you redirect works. 

.. Ps. 
The "different GPO way" .. No, dont do that, use as it should be used. 
Use the GPO's. 

If it still isnt working. 
I need the exact eventid and description. 

So far, 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Bob 
> Wooden via samba
> Verzonden: maandag 3 februari 2020 23:38
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Changes to Folder Redirection
> 
> Yes, I have seen that script and captured it in my library.
> 
> So, I am looking at this "different GPO way" and wondering if 
> that might 
> resolve my strange GPO issue.
> 
> Maybe Louis will chime in tomorrow morning when he gets up?
> 
> Have a good night.
> 
> ^^^^^^^^^^^^^^
> 
> Bob Wooden
> 
> On 2/3/2020 4:06 PM, Rowland penny via samba wrote:
> > On 03/02/2020 21:53, Bob Wooden via samba wrote:
> >> So, what is the difference between "Using Group Policy Folder 
> >> Redirection" and "Using a Group Policy Preference"? Is it an 
> >> either/or and _NOT both_ scenario?
> >>
> >> Clearly the ". . . Policy Preference" is editing the registry 
> >> settings of each workstation with a GPO. Something the " . 
> . . Policy 
> >> Folder Redirection" does not do.
> >>
> >> Is not "Using a Group Policy Preference" a newer method 
> than the other?
> >
> > Sorry, but I don't know, I do not use GPO's ;-)
> >
> > You need Louis for this, what I do know is, Windows cannot create 
> > anything on a Linux computer, there just isn't the code to do this. 
> > This is what 'root preexec' does, it runs a script to 
> create the users 
> > home directories.
> >
> > Rowland
> >
> >
> >
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list