[Samba] Re: SAMBA PDC User Permissions, Admin Settings, and Logon?
I think the administrator group issue is not going to be resolved when we get real support for mapping groups to windows, isn't it? "Jason Norred" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I'm having a similiar problem on my 2.2.7 PDC. If my users are not > listed in the domain admin group, then they have very restricted access > to the windows registry when the login. Most of their programs will not > work at all. I'm not sure at this point what the solution is. I want to > see if there is a way to do something like add their DOMAIN user account > to the LOCAL machines POWER USER group. I'm going to give it a shot in > the morning. > > Do you have your /home issue fixed yet? I would be happy to help you > with that if you are still having problems. > > If anyone has any ideas or suggestions about my registry permissions, > let me know... > > Thanks, > Jason N. > > > > > On Tue, 2003-02-25 at 05:51, richard wrote: > > > Hi, Don't know if this is relevant but I read somewhere that including > > below in [global] makes Samba do strange things? I believe this is a > > "share" parameter? If this helps please post your results. > > > > profile acls = Yes > > > > Richard. > > > > On Tue, 2003-02-25 at 04:48, Nolan Garrett wrote: > > > Hi all! First off, I'd like to thank you for the help you've previously > > > given me. I'd like to state a few of the problems I am now experiencing, > > > and you all can provide insight. I've read all the documentation I can find > > > and have surfed the archives for this newsgroup, but to no avail. Any help > > > would be greatly appreciated! > > > > > > (I am using SAMBA 2.2.7) > > > > > > Issue 1: If I don't have every user listed in the admin users = section that > > > I want to allow logon access, they cannot log on. I usually get a domain > > > unavailable error. > > > > > > Issue 2: If I don't set up each user account (w/ domain) on the WinXP > > > machine I want to logon to, I get some kind of very, very limited logon. It > > > almost seems to be corrupted. > > > > > > Issue 3: This is my main frustration - I cannot seem to block access to > > > other peoples shares! EG user chrisg can access the nolan share, etc. > > > > > > Final Issue: Not a big problem, but I can't figure out how to set up the > > > CUPS drivers for the pdf-generator. > > > > > > Is it a winbind problem, bad config, or am I just a moron? > > > > > > Attached is my smb.conf > > > > > > # Samba config file created using SWAT > > > # from gridlock.workgroup.net (192.168.0.5) > > > # Date: 2003/02/24 18:08:30 > > > > > > # Global parameters > > > [global] > > > netbios name = MAIN > > > server string = Samba Server %v > > > encrypt passwords = Yes > > > passwd program = /usr/bin/passwd %u > > > passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password > > > * %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *p > > > asswd: *all*authentication*tokens*updated*succesfully* > > > unix password sync = Yes > > > log level = 1 > > > log file = /var/log/samba/log.%m > > > max log size = 50 > > > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBU > > > F=8192 SO_SNDBUF=8192 > > > printcap name = cups > > > domain admin group = @admins > > > add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin > > > /false -M %u > > > logon script = %U.bat > > > logon path = \\main\profiles\%U > > > logon drive = Z: > > > logon home = \\main\%U\.profile > > > domain logons = Yes > > > os level = 99 > > > domain master = Yes > > > dns proxy = No > > > wins support = Yes > > > winbind uid = 1-2 > > > winbind gid = 1-2 > > > ; valid users = ahayes root danielleg chrisg rickg nolan > > > admin users = root nolan chrisg rickg danielleg alyssag > > > printer admin = nolan root > > > hosts allow = 192.168.0. 127. > > > ; profile acls = Yes > > > printing = cups > > > > > > [homes] > > > comment = Home Directory for %u > > > read only = No > > > create mask = 0660 > > > directory mask = 0770 > > > browseable = No > > > oplocks = No > > > level2 oplocks = No > > > > > > [netlogon] > > > comment = Network Logon Service > > > path = /var/lib/samba/netlogon > > > write list = root nolan > > > > > > [profiles] > > > path = /var/lib/samba/profiles > > > read only = No > > > create mask = 0600 > > > directory mask = 0700 > > > guest ok = Yes > > > browseable = No > > > csc policy = disable > > > > > > [printers] > > > comment = All Printers > > > path = /var/spool/samba > > > printer admin = root nolan > > > guest ok = Yes > > > printable = Yes >
[Samba] RE: SAMBA PDC User Permissions, Admin Settings, and Logon?
Thank you! This definitely fixed the mapping problem. Now if I could only make my logons TRULY roaming... Nolan Rob Savage wrote: > Hey Nolan, > > I can easily give you an answer to I3 > >>Issue 3: This is my main frustration - I cannot seem to block access to >>other peoples shares! EG user chrisg can access the nolan share, etc. >> >> >>[homes] >>comment = Home Directory for %u >>read only = No >>create mask = 0660 >>directory mask = 0770 >>browseable = No >>oplocks = No >>level2 oplocks = No > > Try adding these: > > Valid users = %U > Path = /home/%u > Guest ok = No > --- > Have an excellent day, > > Rob Savage > > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Nolan > Garrett > Sent: February 24, 2003 11:49 AM > To: [EMAIL PROTECTED] > Subject: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon? > > Hi all! First off, I'd like to thank you for the help you've previously > given me. I'd like to state a few of the problems I am now experiencing, > and you all can provide insight. I've read all the documentation I can > find and have surfed the archives for this newsgroup, but to no avail. Any > help would be greatly appreciated! > > (I am using SAMBA 2.2.7) > > Issue 1: If I don't have every user listed in the admin users = section > that I want to allow logon access, they cannot log on. I usually get a > domain unavailable error. > > Issue 2: If I don't set up each user account (w/ domain) on the WinXP > machine I want to logon to, I get some kind of very, very limited logon. > It almost seems to be corrupted. > > Issue 3: This is my main frustration - I cannot seem to block access to > other peoples shares! EG user chrisg can access the nolan share, etc. > > Final Issue: Not a big problem, but I can't figure out how to set up the > CUPS drivers for the pdf-generator. > > Is it a winbind problem, bad config, or am I just a moron? > > Attached is my smb.conf > > # Samba config file created using SWAT > # from gridlock.workgroup.net (192.168.0.5) > # Date: 2003/02/24 18:08:30 > > # Global parameters > [global] > netbios name = MAIN > server string = Samba Server %v > encrypt passwords = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password > * %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *p > asswd: *all*authentication*tokens*updated*succesfully* > unix password sync = Yes > log level = 1 > log file = /var/log/samba/log.%m > max log size = 50 > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBU > F=8192 SO_SNDBUF=8192 > printcap name = cups > domain admin group = @admins > add user script = /usr/sbin/useradd -d /dev/null -g machines -s > /bin > /false -M %u > logon script = %U.bat > logon path = \\main\profiles\%U > logon drive = Z: > logon home = \\main\%U\.profile > domain logons = Yes > os level = 99 > domain master = Yes > dns proxy = No > wins support = Yes > winbind uid = 1-2 > winbind gid = 1-2 > ; valid users = ahayes root danielleg chrisg rickg nolan > admin users = root nolan chrisg rickg danielleg alyssag > printer admin = nolan root > hosts allow = 192.168.0. 127. > ; profile acls = Yes > printing = cups > > [homes] > comment = Home Directory for %u > read only = No > create mask = 0660 > directory mask = 0770 > browseable = No > oplocks = No > level2 oplocks = No > > [netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > write list = root nolan > > [profiles] > path = /var/lib/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > guest ok = Yes > browseable = No > csc policy = disable > > [printers] > comment = All Printers > path = /var/spool/samba > printer admin = root nolan > guest ok = Yes > printable = Yes > browseable = No > > [print$] > comment = Printer Drivers > path = /etc/samba/drivers > write list = root nolan > > [pdf-generator] > comment = PDF Generator (only valid users!) > path = /var/tmp > printable = Yes > print command = /usr/share/samba/scripts/print-pdf %s ~%u > %L > %u %m & > > [public] > comment = Public > path = /home/samba/public > read only = No > guest ok = Yes > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this
[Samba] Re: SAMBA PDC User Permissions, Admin Settings, and Logon?
Correct that - On Issue 2, I get no access at all. Nolan Nolan Garrett wrote: > Hi all! First off, I'd like to thank you for the help you've previously > given me. I'd like to state a few of the problems I am now experiencing, > and you all can provide insight. I've read all the documentation I can > find and have surfed the archives for this newsgroup, but to no avail. Any > help would be greatly appreciated! > > (I am using SAMBA 2.2.7) > > Issue 1: If I don't have every user listed in the admin users = section > that I want to allow logon access, they cannot log on. I usually get a > domain unavailable error. > > Issue 2: If I don't set up each user account (w/ domain) on the WinXP > machine I want to logon to, I get some kind of very, very limited logon. > It almost seems to be corrupted. > > Issue 3: This is my main frustration - I cannot seem to block access to > other peoples shares! EG user chrisg can access the nolan share, etc. > > Final Issue: Not a big problem, but I can't figure out how to set up the > CUPS drivers for the pdf-generator. > > Is it a winbind problem, bad config, or am I just a moron? > > Attached is my smb.conf > > # Samba config file created using SWAT > # from gridlock.workgroup.net (192.168.0.5) > # Date: 2003/02/24 18:08:30 > > # Global parameters > [global] > netbios name = MAIN > server string = Samba Server %v > encrypt passwords = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password > * %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *p > asswd: *all*authentication*tokens*updated*succesfully* > unix password sync = Yes > log level = 1 > log file = /var/log/samba/log.%m > max log size = 50 > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBU > F=8192 SO_SNDBUF=8192 > printcap name = cups > domain admin group = @admins > add user script = /usr/sbin/useradd -d /dev/null -g machines -s > /bin > /false -M %u > logon script = %U.bat > logon path = \\main\profiles\%U > logon drive = Z: > logon home = \\main\%U\.profile > domain logons = Yes > os level = 99 > domain master = Yes > dns proxy = No > wins support = Yes > winbind uid = 1-2 > winbind gid = 1-2 > ; valid users = ahayes root danielleg chrisg rickg nolan > admin users = root nolan chrisg rickg danielleg alyssag > printer admin = nolan root > hosts allow = 192.168.0. 127. > ; profile acls = Yes > printing = cups > > [homes] > comment = Home Directory for %u > read only = No > create mask = 0660 > directory mask = 0770 > browseable = No > oplocks = No > level2 oplocks = No > > [netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > write list = root nolan > > [profiles] > path = /var/lib/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > guest ok = Yes > browseable = No > csc policy = disable > > [printers] > comment = All Printers > path = /var/spool/samba > printer admin = root nolan > guest ok = Yes > printable = Yes > browseable = No > > [print$] > comment = Printer Drivers > path = /etc/samba/drivers > write list = root nolan > > [pdf-generator] > comment = PDF Generator (only valid users!) > path = /var/tmp > printable = Yes > print command = /usr/share/samba/scripts/print-pdf %s ~%u > %L > %u %m & > > [public] > comment = Public > path = /home/samba/public > read only = No > guest ok = Yes > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba