Hi all,
FreeBSD 6.2-RELEASE-p7, with standard port-built Samba 3.0.25a.
Samba is running as a PDC, serving a small LAN of about 20 XP Pro hosts.
Permissions on the [profiles] share are 0700, root:wheel owned, with
each user's profile being owned by the user's UNIX user:wheel and with
0700 permissions. [homes] is fairly standard - I have left home dir
ownership and permissions as FreeBSD's pw command creates them. My users
have their own primary groups named for their UNIX account, and are all
members of the ntusers local group, which is mapped to "Domain Users".
I created a couple of new accounts yesterday, which cannot access their
profiles. Pre-existing, functional accounts work as expected - a new smbd
is spawned running as root, and correctly load the user's profile. However,
with these new accounts, smbd is spawned as nobody, then as the connecting
user's UNIX name, so is unable to read the profiles due to permissions.
As far as I can tell, there is no difference in the way I created any
of these accounts, the well- or the ill-behaved. What might I be missing?
As a workaround, I have just loosened the permissions on the profiles
share to 755, and the problem goes away. However, I would really like
to go back to the tighter restrictions, as this is a school environment
and I am paranoid of the little dears fiddling and breaking things!
Thanks for your time and any insights. Apart from this, I have found
Samba to be an absolute pleasure to work with!
Dan
--
Daniel Bye
PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc
PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20070905/f441687f/attachment.bin