How can I stop this from happening, without having to manually adjust the permissions? Should I use "force create mode = 0600" or "force directory mode = 0700"? If so, then where?
For example drwx------ 2 root daemon 4096 Nov 12 14:58 S-1-5-21-515...
"Windows cannot copy file \\netapp\profiles\user\Application Data\Microsoft\Protect\S-1-5-21-515...\ to location C:\Documents and Settings\user.FOOBAR\Application Data\Microsoft\Protect\S-1-5-21-515...\. Contact your network administrator.
DETAIL - Access is denied."
"Windows cannot load the profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off." ------------smb.conf-------------- [global]
# -- BEGIN PDC -- domain logons = yes logon path = \\netapp\profiles\%u logon drive = H: logon home = \\netapp\%u\.winprofile logon script = logon.bat
add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/adduser --firstuid 9001 \ --lastuid 9500 \ --gid 9000 --home /dev/null --shell /bin/false \ --no-create-home \ --disabled-password --gecos "%u Samba Machine Account" \ --force-badname %u admin users = @ntadmins workgroup = FOOBAR # -- END PDC --
invalid users = root <snip> (many misc settings here -- omitted for ease of reading)
[netlogon] comment = Network Logon Service browseable = no path = /var/lib/samba/netlogon read only = yes write list = @ntadmins #[profiles] # path = /var/lib/samba/profiles # path = /netapp/profiles ??? # read only = no # create mask = 0600 # directory mask = 0700 [homes] comment = Home Directories browseable = no force create mode = 0755 force directory mode = 0755 writable = yes -------------------------------------------------------- Thanks in advance JAZ ========== -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba