xavier
2006-Apr-18 21:50 UTC
[Samba] Ntconfig.pol policies not applied immediately after being read

Hi,

My NTconfig.pol file in the \\netlogon share seems to be good... In the logs the file is read with no problem at my user logon.

The strange thing I have is that the policy I've made is applied if my user logs on to a Windows 2003 server we have for testing purposes! (If I log on first to my win2k machine, the policy is not applied...) Logging on afterwards to my win2k computer takes advantage of the policy made before.

I can't explain to myself what is happening there, strange... What could be the difference between those two logons on 2 different OSes?

Xavier

xavier
2006-Apr-20 21:28 UTC
[Samba] Re: Ntconfig.pol policies not applied immediately after being read

Sorry, I had not seen this thread before (as I'm on a 3.0.20 version!):
http://marc.theaimsgroup.com/?l=samba&m=113252204111203&w=2

And this one for the Bugzilla link:
https://bugzilla.samba.org/show_bug.cgi?id=3042

I've not done it like Robert and Tomek with "NETLOGON", look here:

    [netlogon]
    path = /var/lib/samba/netlogon/
    read only = no
    public = yes
    write list = @"Domain Admins"
    create mask = 0755       <-------- this is not necessary, 0750 is sufficient
    directory mask = 0755    <-------- The same, 0750 is good

    [profiles]
    path = /var/lib/samba/profiles
    read only = no
    create mask = 0755       <-------- You can DELETE this line if you use ACLs
    directory mask = 0755    <-------- The same, can DELETE this
    browseable = No
    guest ok = Yes
    profile acls = yes
    inherit permissions = yes
    inherit acls = yes       <-------- Using a filesystem with ACL support
    acl check permissions = no

The main advantage of doing this with ACLs is that you can give your Domain Administrator rights on the users' profiles (that's why we must put "acl check permissions = no", because the Microsoft implementation verifies that ONLY the user who owns his own profile dir can RWX).

Set ACLs on /var/lib/samba/profiles like this:

    # file: profiles
    # owner: root
    # group: domainusers
    user::rwx
    group::rwx
    mask::rwx
    other::r-x
    default user::rwx
    default user:root:rwx
    default group:domainusers:---    <--- for me I've left rwx here but this should work like this.
    default other::---
    default mask::rwx

The only thing I've seen that is a little strange is on the user's computer, in c:\documents and setting\%userprofile%\directories .. many dirs have the read-only attribute set in the Windows properties (the default profile is copied from the PDC/Samba domain), but this seems not to affect the handling of files .. perhaps because of my 3.0.20 version ...

Xavier

xavier wrote:
> Hi,
>
> My NTconfig.pol file in the \\netlogon share seems to be good...
> In the logs the file is read with no problem at my user logon.
> The strange thing I have is that the policy I've made is applied if my
> user logs on to a Windows 2003 server we have for testing purposes!
> (If I log on first to my win2k machine, the policy is not applied...)
> Logging on afterwards to my win2k computer takes advantage of the policy
> made before.
>
> I can't explain to myself what is happening there, strange...
> What could be the difference between those two logons on 2
> different OSes?
>
> Xavier
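
An added example, not part of the original posts: a small Python audit of the two share definitions posted above, flagging masks that grant access to "other" (the post notes 0750 is sufficient) and guest access combined with `read only = no`. The function name `audit_shares` and the embedded sample are constructed for illustration; the inline arrow annotations are omitted so the text parses, and only the `guest ok`/`public` and `read only` spellings are handled.

```python
import configparser

# Constructed sample: the two shares from the post, without the inline arrows.
SMB_CONF = """
[netlogon]
path = /var/lib/samba/netlogon/
read only = no
public = yes
write list = @"Domain Admins"
create mask = 0755
directory mask = 0755

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0755
directory mask = 0755
browseable = No
guest ok = Yes
profile acls = yes
inherit permissions = yes
inherit acls = yes
acl check permissions = no
"""

TRUE = {"yes", "true", "1"}

def audit_shares(text):
    """Return {share: [findings]} for world-accessible masks and guest access."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for share in cp.sections():
        opts = cp[share]
        findings = []
        for key in ("create mask", "directory mask"):
            if key in opts and int(opts[key], 8) & 0o007:
                findings.append(f"{key} = {opts[key]} grants 'other' access")
        guest = any(opts.get(k, "no").lower() in TRUE for k in ("guest ok", "public"))
        writable = opts.get("read only", "yes").lower() not in TRUE
        if guest and writable:
            findings.append("guest access on a writable share")
        report[share] = findings
    return report

if __name__ == "__main__":
    for share, findings in audit_shares(SMB_CONF).items():
        for f in findings:
            print(f"[{share}] {f}")
```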