Hi!
As said in my earlier post, I upgraded Samba 3 to Samba 4.1.7 (Sernet) on
Debian Wheezy. I now have - thanks to this list - installed and configured
sssd to obtain user info from the AD, too. This works well.
Some questions remain:
- If I create files on a share using Windows Explorer, Samba does not honour
the current user. The uid always is 3000000, which maps to the
"DOMAIN/Administrator" user. The expected behaviour would be that Samba uses
the uid from the authenticated user as stored in the AD unix extensions (in
my case this would be 1005). Bug or feature? (IIRC the primary group was
applied correctly)
- If I follow the "Setup and configure file shares"-Howto and use the
"Computer Management" to manage the shares of the DC, only the shares which
have the flag "browseable = yes" in smb.conf are displayed. If I set
"browseable = no", the share is not shown. Which is a pity since I don't want
to have e.g. the profiles folder visible in the network neighborhood, but I
want to be able to manage it, of course. Seems I have to change the smb.conf
each time for that.
- If I use the same "Computer Management" method to change the permissions on
the shared folder (i.e. not the share itself) via the "Security" tab, then
any setting that I select for "This folder only" gets applied to any
sub-folder in the share, too. I.e. if I manage the "profiles" share and I
already have (old) subfolders (e.g. "user01.v2", etc.) in it, the ACLs of the
user folders get changed. Is this expected behaviour? In my case I added the
"Domain Users" group and said "Traverse folder"/"List folder" limited to
"This folder only" as said in the "Samba & Windows Profiles"-Howto.
The result is that any user can now look into any other user's profile
folder - which is not the expected result?!
- This leads to the last question: Roaming Profiles seem not to work, which
seems to be a permission problem on the profile folders (which I may have set
wrong, see above). I'd be glad if someone could give some insight into how
the profile folder's permissions must be set for roaming to work.
Regards,
Peter