On Sun, 2005-10-02 at 16:24 -0400, Chris Robinson wrote:> I have been running our companies XP Pro systems on our Samba domain
> controller (version: 3.0.10-1.4E) with local administrative rights up to
> this point. Everything has worked fine.
>
> We are getting larger now and I'd like to make the logins locally
> restricted (I want them to have XP's "Users" rights and
"Remote Desktop
> Users" only). When I restrict the accounts to anything below
> administrative rights on XP SP2 however nothing in the profile gets
> saved. I have tried this with XP SP1 and everything works as I expect.
>
> I have tried:
> *Turning off the XP SP2 firewall. No difference
> *Running a sniffer on it. Don't know what I'm looking for but
nothing
> seemed out of the ordinary.
> *Giving the user administrative rights, logging in and making changes.
> Then I logged out and logged in as the Administrator and dropped the
> rights to "Users" and logged back in. The first time I log in I
see the
> profile the user left when it had administrative rights, but when I
> logout and log back in it resets the profile again.
> *Had profile acls on and off. No difference
>
> Here is my smb.conf for global and profiles:
> [global]
> workgroup = MYCO
> netbios name = MYCOPDC
> interfaces = 192.168.0.5
> time server = Yes
> unix extensions = No
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false -d
> /dev/null %u
> logon script = logon.bat
> logon path = \\%L\profiles\%u\%m
> # logon path > logon drive = H:
> logon home = \\%L\%u\.win_profile\%m
> domain logons = Yes
> os level = 70
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> hosts allow = 192.168.1.0/255.255.255.0,
> 192.168.3.0/255.255.255.0, 192.168.254.0/24, 192.168.0.90, 192.168.0.91,
> 127.0.0.1, 192.168.6.0/24, 192.168.7.0/24, 192.168.8.0/24
>
> [netlogon]
> path = /etc/samba/
> valid users = root, @users
> admin users = root
> browseable = No
>
> [profiles]
> path = /home/samba-ntprof
> read only = No
> create mask = 0600
> directory mask = 0700
> browseable = No
> # profile acls = yes
----
Presuming that when you say that nothing in the profile gets saved when
their privileges are reduced, I am presuming that you mean that the
profiles aren't saved on the server.
think that you need to have profile acls = yes NOT commented out
firewall settings have no impact whatsoever on whether profiles are
saved.
you probably want to add...
csc policy = disable
to the profile share definition as well.
As far as your specific problem, what is the permissions of
/home/samba-ntprof
on mine...
# ls -ld /home/samba/profiles/
drwxrwx--- 6 root dom_users 4096 Aug 22 16:58 /home/samba/profiles/
where all users are members of 'dom_users' group and thus can write to
the directory
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.