On Tue, 2012-12-18 at 02:45 +1100, Stephen Jones wrote: > The problem is your smb.conf [profiles]. The only options you need are > the path and read only = no. Control access from Windows with an ACL > applied to the profiles share security properties rather than forcing > permissions from Samba. S4 is different from S3. I'm not sure if those > mask options work in S4 but, if they do, those values will deny all > access set through extended ACLs because those are applied through the > group class. > Fix smb.conf
Ok, did that. Anyway, for whatever reason roaming profiles started worked. Even before I make this change. > and start with an empty profiles directory Totally and completely not an option. This is a migrated domain with existing profiles. > root:root. getfacl will show you the Posix ACLs created from Windows. > From Windows ADUC add the roaming profiles path to the user's profile. They already have this attribute by virtue of the migration. The existence of the attribute has been verified. > Tip: There is a GPO setting under > computer-policies-templates-system-user profiles to add the > administrators group to roaming profiles. This is a good idea, > otherwise administrators cannot browse the profile folders. Cool, I'll take a look on that. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
