Sorry,

I've not seen this thread before (as I'm on a 3.0.20 version!):
http://marc.theaimsgroup.com/?l=samba&m=113252204111203&w=2

And this one for the Bugzilla link:

https://bugzilla.samba.org/show_bug.cgi?id=3042

I've not done it like Robert and Tomek with "NETLOGON"; look here:

[netlogon]
  path = /var/lib/samba/netlogon/
  read only = no
  public = yes
  write list = @"Domain Admins"
  create mask = 0755         <-------- this is not necessary, 0750 is sufficient
  directory mask = 0755      <-------- The same, 0750 is good

[profiles]
  path = /var/lib/samba/profiles
  read only = no
  create mask = 0755         <-------- You can DELETE this line if you use ACLs
  directory mask = 0755      <-------- The same, can DELETE this
  browseable = No
  guest ok = Yes
  profile acls = yes
  inherit permissions = yes
  inherit acls = yes         <-------- Using a filesystem with ACL support
  acl check permissions = no

The main advantage of doing this with ACLs is that you can give your Domain Administrator rights on the users' profiles (that's why we must set "acl check permissions = no", because the Microsoft implementation is to verify that ONLY the user who owns his own profile dir can RWX). Set ACLs on

/var/lib/samba/profiles    like this:

# file: profiles
# owner: root
# group: domainusers
user::rwx
group::rwx
mask::rwx
other::r-x
default user::rwx
default user:root:rwx
default group:domainusers:---   <--- for me I've left rwx here but this should work like this.
default other::---
default mask::rwx


The only thing I've seen that is a little strange is that on the user's computer, in c:\documents and setting\%userprofile%\directories .., many dirs have the read-only attribute set in the Windows properties (the default profile is copied from the PDC/Samba domain), but it seems not to affect the handling of files ..
perhaps because of my 3.0.20 version ...

Xavier
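
Added example (not part of Xavier's message): a check to run over getfacl output for the profiles directory, confirming that the default entries match the listing above so that new profile directories do not inherit group or other access. The function names and the sample listing are constructed for illustration; the parser accepts both the "default:" prefix that getfacl prints and the "default " spelling used in the message.

```python
import re

# Default (inherited) entries listed in the message for /var/lib/samba/profiles.
EXPECTED_DEFAULTS = {
    ("user", ""): "rwx", ("user", "root"): "rwx", ("mask", ""): "rwx",
    ("group", "domainusers"): "---", ("other", ""): "---",
}

def parse_getfacl(text):
    """Split a getfacl listing into (access, default) dicts keyed by (tag, qualifier)."""
    access, default = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop "# file:" headers and "#effective" notes
        if not line:
            continue
        # Accept getfacl's "default:" prefix and the "default " spelling from the message.
        m = re.match(r"default[: ]\s*(.+)", line)
        target, entry = (default, m.group(1)) if m else (access, line)
        parts = entry.split(":")
        if len(parts) != 3:
            raise ValueError(f"not an ACL entry: {raw!r}")
        target[(parts[0], parts[1])] = parts[2]
    return access, default

def audit_defaults(text, expected=EXPECTED_DEFAULTS):
    """Return one finding per default entry that differs from the expected set."""
    _, default = parse_getfacl(text)
    findings = []
    for (tag, qualifier), want in expected.items():
        got = default.get((tag, qualifier))
        if got != want:
            findings.append(f"default:{tag}:{qualifier}: expected {want}, found {got or 'nothing'}")
    return findings

# Constructed sample: the variant the message mentions, with the group default left at rwx.
SAMPLE = """\
# file: profiles
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:group:domainusers:rwx
default:other::---
default:mask::rwx
"""

if __name__ == "__main__":
    print("\n".join(audit_defaults(SAMPLE)))
```

On a live system the input would be the output of getfacl on /var/lib/samba/profiles; an empty result means the default entries match the listing.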


xavier wrote:
Hi,

My NTconfig.pol file in the \\netlogon share seems to be good...
In the logs the file is read with no problem at my user logon.
The strange thing I have is that the policy I've made is applied if my user logs on to a Windows 2003 server we have for testing purposes! (If I log on first to my win2k machine, the policy is not applied ...) Logging on afterwards to my win2k computer takes advantage of the policy made before.

I can't explain to myself what is happening there, strange ...
What could be the difference between those two logons on 2 different OSes?

Xavier

