Il giorno dom, 01/06/2008 alle 21.52 +0200, Mailing List SVR ha scritto:
> Il giorno dom, 01/06/2008 alle 21.14 +0200, Mailing List SVR ha scritto:
> > Il giorno sab, 31/05/2008 alle 21.01 +0200, Mailing List SVR ha scritto:
> > > Hi all,
> > >
> > > I have a really strange PDC issue:
> > >
> > > windows clients are able to join and to login, however some clients have
> > > permissions issue on their local machine, for example they cannot modify
> > > settings suck as menubar, folder view, set quick start shortcuts ecc...
> > > so they cannot use the pc. However if they create a desktop file or
> > > folder on logoff their profiles are correctly updated.
> > >
> > > On the same machine some users can do these things and some other
> > > cannot. The users are all local machine administrators.
> > >
> > > Google seems doesn't help. Someone with this really strange issue?
> > >
> > > my system is centos 5.1 (all updates applied) with default samba
> > > (3.0.25)
> > >
> > > in my logs nothing seems interesting
> > >
> > > here is my configuration:
> > >
> > > [global]
> > > unix charset = ISO-8859-15
> > > display charset = ISO-8859-15
> > > workgroup = PDC
> > > server string = Server di dominio
> > > interfaces = lo, eth0
> > > bind interfaces only = Yes
> > > obey pam restrictions = Yes
> > > passdb backend = tdbsam
> > > pam password change = Yes
> > > passwd program = /usr/bin/passwd %u
> > > passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n
> > > *Password*changed*
> > > username map = /etc/samba/smbusers
> > > unix password sync = Yes
> > > log level = 1
> > > syslog = 0
> > > log file = /var/log/samba/%m.log
> > > max log size = 100
> > > name resolve order = wins bcast hosts
> > > time server = Yes
> > > printcap name = CUPS
> > > show add printer wizard = No
> > > add user script = /usr/sbin/useradd "%u" -n -g users
> > > delete user script = /usr/sbin/userdel "%u"
> > > add group script = /usr/sbin/groupadd "%g"
> > > delete group script = /usr/sbin/groupdel "%g"
> > > add user to group script = /usr/sbin/usermod -G '%g' '%u'
> > > delete user from group script = /usr/sbin/userdel "%u" "%g"
> > > add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M
> > > -d /nohome -s /bin/false "%u"
> > > abort shutdown script = /sbin/shutdown -c
> > > logon script = scripts\logon.bat
> > > logon path = \\%L\profiles\%U
> > > logon drive = H:
> > > logon home = \\%L\%U
> > > domain logons = Yes
> > > os level = 255
> > > preferred master = Yes
> > > domain master = Yes
> > > dns proxy = No
> > > wins support = Yes
> > > invalid users = bin, deamon, sys, man, postfix, mail, ftp
> > > admin users = root
> > > hosts allow = 127., 192.168.2.
> > > map acl inherit = Yes
> > > printing = cups
> > > cups options = raw
> > > print command =
> > > lpq command = %p
> > > lprm command =
> > > hide unreadable = Yes
> > > veto files = /*.eml/*.nws/*.{*}/
> > > veto oplock files = /*.doc/*.xls/*.mdb/
> > >
> > > [homes]
> > > comment = Home Directories
> > > valid users = %S
> > > read only = No
> > > browseable = No
> > >
> > > [printers]
> > > comment = All Printers
> > > path = /var/spool/samba
> > > guest ok = Yes
> > > printable = Yes
> > > use client driver = Yes
> > > browseable = No
> > >
> > > [netlogon]
> > > comment = Network Logon Service
> > > path = /home/samba/netlogon
> > > guest ok = Yes
> > > locking = No
> > > share modes = No
> > >
> > > [Profiles]
> > > comment = Roaming Profile Share
> > > path = /home/samba/profiles
> > > read only = No
> > > profile acls = Yes
> > > case sensitive = No
> > > preserve case = No
> > > short preserve case = No
> > > hide files = /desktop.ini/ntuser.ini/NTUSER.*/
> > > browseable = No
> > > csc policy = disable
> > >
> > >
> > > thanks
> > > Nicola
> > >
> >
> > I just updated to 3.0.28 (srpm from rhel 5 update 2) but still the same
> > issue.
> >
> > net groupmap list
> >
> > give this result:
> >
> > Domain Users (S-1-5-21-487449451-2765197844-2627020230-1002) -> users
> > Produzione (S-1-5-21-487449451-2765197844-2627020230-1004) -> produzione
> > Vss (S-1-5-21-487449451-2765197844-2627020230-1006) -> vss
> > Domain Admins (S-1-5-21-487449451-2765197844-2627020230-1001) -> root
> > Domain Guests (S-1-5-21-487449451-2765197844-2627020230-1003) -> nobody
> > Amministrazione (S-1-5-21-487449451-2765197844-2627020230-1005) ->
> > amministrazione
> >
> > If I remember the last part of "Domain User" was 513 and not 1002, can
> > this create issues?
> >
> > thanks
> > Nicola
> >
>
> I remapped windows group and unix group
>
> net groupmap add rid=512 ntgroup="Domain Admins" unixgroup=root type=d
> net groupmap add rid=513 ntgroup="Domain Users" unixgroup=users type=d
> net groupmap add rid=514 ntgroup="Domain Guests" unixgroup=nobody
> type=d
> net groupmap add rid=547 ntgroup="Power Users" unixgroup=wheel type=d
>
>
> now:
>
> net groupmap list
> Produzione (S-1-5-21-487449451-2765197844-2627020230-1020) -> produzione
> Vss (S-1-5-21-487449451-2765197844-2627020230-1022) -> vss
> Power Users (S-1-5-21-487449451-2765197844-2627020230-547) -> wheel
> Amministrazione (S-1-5-21-487449451-2765197844-2627020230-1021) ->
> amministrazione
> Domain Users (S-1-5-21-487449451-2765197844-2627020230-513) -> users
> Domain Admins (S-1-5-21-487449451-2765197844-2627020230-512) -> root
> Domain Guests (S-1-5-21-487449451-2765197844-2627020230-514) -> nobody
>
> if I add an user to the root group all is fine, however "Domain Users"
> have the problems described above
>
>
> regards,
> Nicola
>
After group remapping new accounts works fine, the problem are the old
ones, even if I delete and then recreate an old account it doesn't work
as expectd, maybe something related to the account name remain on
windows or linux side,
any suggestions?
regards
Nicola
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
