Here's another question related to how to use masks --
In my PDC area I specify:
logon path = \\netapp\profiles\%u
This puts server-based (roaming) profiles on my Network Appliance (which itself is an SMB/PDC client).
A previous admin here left this commented section:
#[profiles] # path = /var/lib/samba/profiles # path = /netapp/profiles ??? # read only = no # create mask = 0600 # directory mask = 0700
So, is this the sytax for masks? Do I add "create mask = 0744" -OR- "force create mask = 0744"? Where do I put it? Anywhere in smb.conf?
Should the mask be 0077? (it's a mask, not chown notation, right??)
PS, When I had Windows login trouble, these perms tweaks fixed it: /home/profiles# chown -R <user> <user> /home/profiles# chmod -R 700 <user>
NOTE: We're using Samba as a PDC fine with the below smb.conf. So I don't want to muck up permission by adding an improper mask statement.
So Again, this permissions issue only came up when I copied a profile from a local Win2K box to the PDC profile dir using local administrator "Copy To..." feature under System | User Profiles (control panel).
Thanks again! -JAZ
joec wrote:
Try this: net mask = 0744 (or 755 depending on what you want the permissions to be) directory mask = 0755
Check a samba book for the correct options, but that is how I did the trick on my network at home.
Joe
Justin Zachor <[EMAIL PROTECTED]> wrote :
On a newly migrated profile (migrated onto Samba server, from local) some files/dirs get root ownership.
How can I stop this from happening, without having to manually adjust the permissions? Should I use "force create mode = 0600" or "force directory mode = 0700"? If so, then where?
For example drwx------ 2 root daemon 4096 Nov 12 14:58 S-1-5-21-515...
"Windows cannot copy file \\netapp\profiles\user\Application Data\Microsoft\Protect\S-1-5-21-515...\ to location C:\Documents and Settings\user.FOOBAR\Application Data\Microsoft\Protect\S-1-5-21-515...\. Contact your network administrator.
DETAIL - Access is denied."
"Windows cannot load the profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off." ------------smb.conf-------------- [global]
# -- BEGIN PDC -- domain logons = yes logon path = \\netapp\profiles\%u logon drive = H: logon home = \\netapp\%u\.winprofile logon script = logon.bat
add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/adduser --firstuid 9001 \ --lastuid 9500 \ --gid 9000 --home /dev/null --shell /bin/false \ --no-create-home \ --disabled-password --gecos "%u Samba Machine Account" \ --force-badname %u admin users = @ntadmins workgroup = FOOBAR # -- END PDC --
invalid users = root <snip> (many misc settings here -- omitted for ease of reading)
[netlogon] comment = Network Logon Service browseable = no path = /var/lib/samba/netlogon read only = yes write list = @ntadmins #[profiles] # path = /var/lib/samba/profiles # path = /netapp/profiles ??? # read only = no # create mask = 0600 # directory mask = 0700 [homes] comment = Home Directories browseable = no force create mode = 0755 force directory mode = 0755 writable = yes -------------------------------------------------------- Thanks in advance
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
