Can you provide before and after examples for a home directory.
Specifically, 'ls -lVd <homedir>' when things are working and also
when it is not working (before you reapply ACL).
Thanks,
Alan
ACL On 08/12/10 03:10 AM, MichaelHoy wrote:
I have an OpenSolaris server (snv_134) offering network storage via CIFS to a
small pilot group for testing prior to a larger roll-out.
The server is a member of a MS AD and local Unix accounts are mapped explicitly
on a one to one basis via idmap to their domain equivalents. The AD Domain
Users group is mapped to a local Unix group also.
There is a single file system shared via smb with directories to host each
users personal file space. The Unix ACL on each directory is such that only
root and the necessary user account have the equivalent of Full Control, no
other user accounts have access.
The CIFS connection to these directories happens automatically via the AD
HomeDir attribute each time the user logs on and permissions seem fine. This
bit never fails. Also, mapping through the command prompt using the UNC path
works every time.
My issues is that when the users log onto a Citrix Desktop and attempt to load
their Terminal Service Profile (stored in a sub-directory of their personal
file space), they often get the error “Windows cannot find the local profile
and is logging you on with a temporary profile”. Their automatic personal file
space drive mapping is always there.
The properties of the share are as follows…
zfs
zfs/pstaff/home smb=()
/pstaff/home
home=/pstaff/home smb=(csc="disabled" abe="true"
guestok="false")
This error is returned immediately – there is no apparent delay while the
Citrix server attempts to resolve\load the profile from the UNC path which led
me to suspect that permissions were behind this.
If I get the user to log off and then I reapply the ACLs of their personal file
space using chmod then they can then log straight back on successfully without
this profile issue.
The user can then log on/off without the profile issues reoccurring unless they
wait a few hours in between and then it reappears e.g. each morning.
I need to apply this ‘fix’ individually to each user when they get this issue.
It almost as if the idmap for the individual is lost however, that appears to
be contradicted by the fact that their conventional mapping and ACLs are always
there and correct.
Does anyone have any ideas since the profiles are obviously fine?
That’s for taking the time.
Regards
Michael
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
