RPvs> On Wed, 23 Jan 2019 09:17:33 -0800 RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote:>> So, some updates. >> I started that email a couple of hours ago - but suddenly, without >> changing a thing, the test client/station is suddenly now getting the >> correct GPO details.>> Yet, I've not synced the sysvol or done anything to change or update >> the GPO on either DC.RPvs> Sometimes strange things happen ;-) So, lets ignore the super long latency for now. I have run into this several times and always thought I'd setup the file/directory permissions wrong - but that's not what is happening. The roaming profiles themselves are stored on a freenas box. The FreeNAS box is running Samba 4.7.0 It's acting, I believe, as a domain member. It does user/group lookups from the DC's to determine what "users" get access to which files/folders. This, as far as I can tell, works as designed. What's going south is when the user creates their own "home" and "profile" directories. The create mask appears to be wrong. [I've explicitly set it to 0666 on files and 0777 on directories] But, when the Windows system creates the directory on first login, the permissions are kinda wonky. Here's what the test user's profile directory permissions look like. drwx------+ 2 AD\sales01 AD\domain admins 2 Jan 23 09:24 sales01.V6 Domain Admins should get the same rights as the user, but they're not. This looks like a creation mask problem, but perhaps it's something else. Suggestions on where to look to control the default rights on folder creation? As noted: I've tweaked folder and files default masks 0666 for files and 0777 for folders and that doesn't seem to have helped. I've also changed the permissions of the "Domain Users" in the root folder that the above profile gets held in - and changed the rights from the "normal" read/traverse/create-folder to even "full control" without any change. I'm just not sure where to look now. -Greg
On Wed, 23 Jan 2019 09:51:02 -0800 Gregory Sloop via samba <samba at lists.samba.org> wrote:> > RPvs> On Wed, 23 Jan 2019 09:17:33 -0800 > RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: > > >> So, some updates. > >> I started that email a couple of hours ago - but suddenly, without > >> changing a thing, the test client/station is suddenly now getting > >> the correct GPO details. > > >> Yet, I've not synced the sysvol or done anything to change or > >> update the GPO on either DC. > > RPvs> Sometimes strange things happen ;-) > > So, lets ignore the super long latency for now. > I have run into this several times and always thought I'd setup the > file/directory permissions wrong - but that's not what is happening. > > The roaming profiles themselves are stored on a freenas box. > The FreeNAS box is running Samba 4.7.0 > > It's acting, I believe, as a domain member. > It does user/group lookups from the DC's to determine what "users" > get access to which files/folders. This, as far as I can tell, works > as designed. > > What's going south is when the user creates their own "home" and > "profile" directories. The create mask appears to be wrong. [I've > explicitly set it to 0666 on files and 0777 on directories] But, when > the Windows system creates the directory on first login, the > permissions are kinda wonky. > > Here's what the test user's profile directory permissions look like. > drwx------+ 2 AD\sales01 AD\domain admins 2 Jan 23 09:24 > sales01.V6 > > Domain Admins should get the same rights as the user, but they're not. > This looks like a creation mask problem, but perhaps it's something > else. > > Suggestions on where to look to control the default rights on folder > creation? As noted: I've tweaked folder and files default masks 0666 > for files and 0777 for folders and that doesn't seem to have helped. > I've also changed the permissions of the "Domain Users" in the root > folder that the above profile gets held in - and changed the rights > from the "normal" read/traverse/create-folder to even "full control" > without any change. I'm just not sure where to look now. > > -GregHave you read this: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles and possibly, this: https://wiki.samba.org/index.php/Configuring_Windows_Profile_Folder_Redirections Rowland
RPvs> Have you read this: RPvs> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles RPvs> and possibly, this: RPvs> https://wiki.samba.org/index.php/Configuring_Windows_Profile_Folder_Redirections RPvs> Rowland Yes, and I believe I've done everything properly. That's where I started. So I think we're back to; What items control file/directory creation and the default permissions? What should I be looking at, or tinkering with?