Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7 [SOLVED]
On 09/10/12 21:18, Ludek Finstrle wrote: Hello steve, Tue, Oct 09, 2012 at 05:54:48PM +0200, steve napsal(a): On 09/10/12 17:36, steve wrote: On 08/10/12 18:23, steve wrote: On 08/10/12 17:40, m...@matws.net wrote: samba-tool ntacl sysvolreset --use-s3fs Now no user can enter sysvol: getfacl sysvol/ # file: sysvol/ # owner: root # group: wheel # flags: s-- user::rwx user:root:rwx group::r-- group:wheel:r-- group:300:r-- group:301:r-- group:302:r-- mask::rwx other::--- Using wbinfo: 300 BUILTIN\Server Operators 4 301 NT AUTHORITY\SYSTEM 5 302 NT AUTHORITY\Authenticated Users 5 but Authenticated Users do not get read access. . . maybe I'm wrong but in unix world you need x bit to be able to go into the directory. Luf Hi Luf, hi everyone OK, this was the clue I needed. I set the ACE's to r-x: setfacl -Rm g:300:rx sysvol/ setfacl -Rm g:301:rx sysvol/ setfacl -Rm g:302:rx sysvol/ setfacl -Rm g::rx sysvol/ setfacl -Rm g:wheel:rx sysvol/ and same for the default ACE's: setfacl -d -Rm g:300:rx sysvol/ (...) The ACE's now look like this: getfacl sysvol getfacl: Removing leading '/' from absolute path names # file: usr/local/samba/var/locks/sysvol # owner: root # group: wheel # flags: s-- user::rwx user:root:r-x group::r-x group:wheel:r-x group:300:r-x group:301:r-x group:302:r-x mask::r-x other::r-x default:user::rwx default:group::r-x default:group:301:r-x default:group:302:r-x default:mask::r-x default:other::--- Conclusion: The sysvol ACL's are not set correctly after running: samba-tool ntacl sysvolreset because e.g. authenticated users cannot get into the share to read the GPO's Maybe this is just with my distro, openSUSE as others have not reported any problems. Could a dev have a look at it? I'm sure I've not set the sysvol ACL's correctly but at least now folder redirection works. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
On 09/10/12 17:36, steve wrote: On 08/10/12 18:23, steve wrote: On 08/10/12 17:40, m...@matws.net wrote: samba-tool ntacl sysvolreset --use-s3fs Now no user can enter sysvol: getfacl sysvol/ # file: sysvol/ # owner: root # group: wheel # flags: s-- user::rwx user:root:rwx group::r-- group:wheel:r-- group:300:r-- group:301:r-- group:302:r-- mask::rwx other::--- Using wbinfo: 300 BUILTIN\Server Operators 4 301 NT AUTHORITY\SYSTEM 5 302 NT AUTHORITY\Authenticated Users 5 but Authenticated Users do not get read access. . . Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
Hello steve, Tue, Oct 09, 2012 at 05:54:48PM +0200, steve napsal(a): On 09/10/12 17:36, steve wrote: On 08/10/12 18:23, steve wrote: On 08/10/12 17:40, m...@matws.net wrote: samba-tool ntacl sysvolreset --use-s3fs Now no user can enter sysvol: getfacl sysvol/ # file: sysvol/ # owner: root # group: wheel # flags: s-- user::rwx user:root:rwx group::r-- group:wheel:r-- group:300:r-- group:301:r-- group:302:r-- mask::rwx other::--- Using wbinfo: 300 BUILTIN\Server Operators 4 301 NT AUTHORITY\SYSTEM 5 302 NT AUTHORITY\Authenticated Users 5 but Authenticated Users do not get read access. . . maybe I'm wrong but in unix world you need x bit to be able to go into the directory. Luf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
On 08/10/12 02:56, Matthieu Patou wrote: Steve Hi Rowland Thanks for that. I've now got a security tab back. But still no folder redirection:( Having the security tab back on \\hh1\USERS now gives everyone permission to enter and create files in the share and now Administrator has his Application Data redirected to the share. He has a file under \\hh1\USERS as per the GPO. However, ordinary users, whilst able to read and write the share do not have their Application Data redirected. Still works fine for all users with XP but not W7. Obviously the biggest change between XP and Seven is the fact that seven will use smb 2.x by default when XP can do smb/cifs. So you have to carefully look at the SMB2 trace between your client and the samba server when doing it with an admininistrator (which works if I understood your emails) and a normal user. Most probably our fileserver either deny someting to simple users or didn't answer correctly. For this you'll need to use wireshark. Once you have more information we might be able to help you, providing information + traces (if no sensitive information) might help even more. Matthieu. Hi Mattieu Thanks for the offer of help. Summary: 1. The Folder redirection GPO works fine for all users with XP and with Administrator on W7. 2. The folder redirection GPO dopes not work for ordinary domain users on W7. 3. I have run samba-tool ntacl sysvolreset Here is a screenshot of the GPO: http://dl.dropbox.com/u/45150875/gpo.png Here is smb.conf: [global] workgroup = MARINA realm = hh3.site netbios name = HH1 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winb dns forwarder = 192.168.1.1 idmap_ldb:use rfc2307 = Yes [netlogon] path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [profiles] path = /home2/profiles read only = No create mask = 0700 [USERS] path = /home2/USERS read only = No Here is the wireshark of Administrator logon and logoff: http://dl.dropbox.com/u/45150875/logonadmin Here is the wireshark of a domain user, steve2, logon and logoff: http://dl.dropbox.com/u/45150875/logonuser In the user trace, there is no reference to the redirected folder on the server and none is created. The user seems unaware of the gpo. TIA for any time you can give. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
On 08/10/12 17:40, m...@matws.net wrote: Ok can you check that this simple user can go in the \\server\sysvol folder and then access all the files under dnsnamedomain/policies and cross check that this gpo is really applied by setting in the same gpo a rule for the wallpaper or something else visible. Hi I set the wallpaper in the same gpo: http://dl.dropbox.com/u/45150875/gpowallpaper.png This popup appears each time Administrator starts the GPO editor: http://dl.dropbox.com/u/45150875/sysvolerror.png Clicking OK gives 'Access is denied'. Same error whether I have run samba-tool ntacl sysvolreset or not. The GPO is created however. Results: 1. Ordinary users can read anything in the sysvol share 2. The wallpaper GPO is ignored both for W7 Administrator and for W7 users. note: The wallpaper GPO doesn't work on XP either but I don't think it was implemented then. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
Ok can you check that this simple user can go in the \\server\sysvol folder and then access all the files under dnsnamedomain/policies and cross check that this gpo is really applied by setting in the same gpo a rule for the wallpaper or something else visible. On Oct 8, 2012, at 12:40 AM, steve st...@steve-ss.com wrote: On 08/10/12 02:56, Matthieu Patou wrote: Steve Hi Rowland Thanks for that. I've now got a security tab back. But still no folder redirection:( Having the security tab back on \\hh1\USERS now gives everyone permission to enter and create files in the share and now Administrator has his Application Data redirected to the share. He has a file under \\hh1\USERS as per the GPO. However, ordinary users, whilst able to read and write the share do not have their Application Data redirected. Still works fine for all users with XP but not W7. Obviously the biggest change between XP and Seven is the fact that seven will use smb 2.x by default when XP can do smb/cifs. So you have to carefully look at the SMB2 trace between your client and the samba server when doing it with an admininistrator (which works if I understood your emails) and a normal user. Most probably our fileserver either deny someting to simple users or didn't answer correctly. For this you'll need to use wireshark. Once you have more information we might be able to help you, providing information + traces (if no sensitive information) might help even more. Matthieu. Hi Mattieu Thanks for the offer of help. Summary: 1. The Folder redirection GPO works fine for all users with XP and with Administrator on W7. 2. The folder redirection GPO dopes not work for ordinary domain users on W7. 3. I have run samba-tool ntacl sysvolreset Here is a screenshot of the GPO: http://dl.dropbox.com/u/45150875/gpo.png Here is smb.conf: [global] workgroup = MARINA realm = hh3.site netbios name = HH1 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winb dns forwarder = 192.168.1.1 idmap_ldb:use rfc2307 = Yes [netlogon] path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [profiles] path = /home2/profiles read only = No create mask = 0700 [USERS] path = /home2/USERS read only = No Here is the wireshark of Administrator logon and logoff: http://dl.dropbox.com/u/45150875/logonadmin Here is the wireshark of a domain user, steve2, logon and logoff: http://dl.dropbox.com/u/45150875/logonuser In the user trace, there is no reference to the redirected folder on the server and none is created. The user seems unaware of the gpo. TIA for any time you can give. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba On 08/10/12 02:56, Matthieu Patou wrote: Steve Hi Rowland Thanks for that. I've now got a security tab back. But still no folder redirection:( Having the security tab back on \\hh1\USERS now gives everyone permission to enter and create files in the share and now Administrator has his Application Data redirected to the share. He has a file under \\hh1\USERS as per the GPO. However, ordinary users, whilst able to read and write the share do not have their Application Data redirected. Still works fine for all users with XP but not W7. Obviously the biggest change between XP and Seven is the fact that seven will use smb 2.x by default when XP can do smb/cifs. So you have to carefully look at the SMB2 trace between your client and the samba server when doing it with an admininistrator (which works if I understood your emails) and a normal user. Most probably our fileserver either deny someting to simple users or didn't answer correctly. For this you'll need to use wireshark. Once you have more information we might be able to help you, providing information + traces (if no sensitive information) might help even more. Matthieu. Hi Mattieu Thanks for the offer of help. Summary: 1. The Folder redirection GPO works fine for all users with XP and with Administrator on W7. 2. The folder redirection GPO dopes not work for ordinary domain users on W7. 3. I have run samba-tool ntacl sysvolreset Here is a screenshot of the GPO: http://dl.dropbox.com/u/45150875/gpo.png Here is smb.conf: [global] workgroup = MARINA realm = hh3.site netbios name = HH1 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winb dns forwarder = 192.168.1.1 idmap_ldb:use rfc2307 = Yes [netlogon] path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts read
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
On 06/10/12 17:11, steve wrote: Hi I have folder redirection working fine in XP. I see that W7 has taken the same configuration as I made in XP. Here is a screenshot: http://dl.dropbox.com/u/45150875/gpo.png Unfortunately, on w7, whilst the roaming profile is correctly set, there is no folder redirection. Nothing appears in the \\hh1\USERS folder for the user who has logged in. Upon opening the GPO editor as Administrator in W7, I get an error message about AD and sysvol permissions: 'The permissions for this GPO in the SYSVOL folder are inconsistent with those in ctive Directory. (...) To change the SYSVOL permissions to those in Active Directory, click OK.' Clicking OK gives 'Access is Denied. I then ran samba-tool ntacl sysvolreset and restarted the GPO editor. It then opened without the error:) The settings appear exactly as I set them on XP but are not honoured in W7. The share for the redirected folders says it's offline. There is an offline tab where the security tab normally is under the share properties. Relevant? Can anyone help me trace what's wrong? Cheers, Steve Further tests show using the windows 'set' command, that the policy is only being applied to Administrator. IOW, 'APPDATA' is being redirected to the server. Everyone else still has the local Roaming folder for appdata. I have run gpupdate /force but still no folder redirection for users. Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
On Sun, 2012-10-07 at 10:07 +0200, steve wrote: On 06/10/12 17:11, steve wrote: Hi I have folder redirection working fine in XP. I see that W7 has taken the same configuration as I made in XP. Here is a screenshot: http://dl.dropbox.com/u/45150875/gpo.png Unfortunately, on w7, whilst the roaming profile is correctly set, there is no folder redirection. Nothing appears in the \\hh1\USERS folder for the user who has logged in. Upon opening the GPO editor as Administrator in W7, I get an error message about AD and sysvol permissions: 'The permissions for this GPO in the SYSVOL folder are inconsistent with those in ctive Directory. (...) To change the SYSVOL permissions to those in Active Directory, click OK.' Clicking OK gives 'Access is Denied. I then ran samba-tool ntacl sysvolreset and restarted the GPO editor. It then opened without the error:) The settings appear exactly as I set them on XP but are not honoured in W7. The share for the redirected folders says it's offline. There is an offline tab where the security tab normally is under the share properties. Relevant? Can anyone help me trace what's wrong? Cheers, Steve Further tests show using the windows 'set' command, that the policy is only being applied to Administrator. IOW, 'APPDATA' is being redirected to the server. Everyone else still has the local Roaming folder for appdata. I have run gpupdate /force but still no folder redirection for users. Thanks, Steve Look for file permission errors in the network trace when accessing the GPO. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
On 07/10/12 10:52, Andrew Bartlett wrote: On Sun, 2012-10-07 at 10:07 +0200, steve wrote: On 06/10/12 17:11, steve wrote: Hi I have folder redirection working fine in XP. I see that W7 has taken the same configuration as I made in XP. Here is a screenshot: http://dl.dropbox.com/u/45150875/gpo.png Unfortunately, on w7, whilst the roaming profile is correctly set, there is no folder redirection. Nothing appears in the \\hh1\USERS folder for the user who has logged in. Upon opening the GPO editor as Administrator in W7, I get an error message about AD and sysvol permissions: 'The permissions for this GPO in the SYSVOL folder are inconsistent with those in ctive Directory. (...) To change the SYSVOL permissions to those in Active Directory, click OK.' Clicking OK gives 'Access is Denied. I then ran samba-tool ntacl sysvolreset and restarted the GPO editor. It then opened without the error:) The settings appear exactly as I set them on XP but are not honoured in W7. The share for the redirected folders says it's offline. There is an offline tab where the security tab normally is under the share properties. Relevant? Can anyone help me trace what's wrong? Cheers, Steve Further tests show using the windows 'set' command, that the policy is only being applied to Administrator. IOW, 'APPDATA' is being redirected to the server. Everyone else still has the local Roaming folder for appdata. I have run gpupdate /force but still no folder redirection for users. Thanks, Steve Look for file permission errors in the network trace when accessing the GPO. Andrew Bartlett Hi Andrew I did a wireshark of a user called steve2 logging on and off: http://dl.dropbox.com/u/45150875/logon The folder to which the gpo should redirect to, \\hh1\USERS, is mentioned only once, all the other SMB2 traces refer to the steve2.V2 profile folder. I have Application Data redirected to \\hh1\USERS 'set' shows APPDATA is still local to the client. The gpo works fine on XP but fails for all users other than Administrator on W7. 'set' for Administrator shows the redirection to the server share at \\hh1\USERS\Administrator\Application Data. For Administrator nothing is written to the share, but I think this is because Administrator does not have a uidNumber nor gidNumber. Any help most gretfuly received. Cheers, Steve This works fine on XP but fails on W7. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
On 07/10/12 12:58, steve wrote: On 07/10/12 10:52, Andrew Bartlett wrote: On Sun, 2012-10-07 at 10:07 +0200, steve wrote: On 06/10/12 17:11, steve wrote: Hi I have folder redirection working fine in XP. I see that W7 has taken the same configuration as I made in XP. Here is a screenshot: http://dl.dropbox.com/u/45150875/gpo.png Unfortunately, on w7, whilst the roaming profile is correctly set, there is no folder redirection. Nothing appears in the \\hh1\USERS folder for the user who has logged in. Upon opening the GPO editor as Administrator in W7, I get an error message about AD and sysvol permissions: 'The permissions for this GPO in the SYSVOL folder are inconsistent with those in ctive Directory. (...) To change the SYSVOL permissions to those in Active Directory, click OK.' Clicking OK gives 'Access is Denied. I then ran samba-tool ntacl sysvolreset and restarted the GPO editor. It then opened without the error:) The settings appear exactly as I set them on XP but are not honoured in W7. The share for the redirected folders says it's offline. There is an offline tab where the security tab normally is under the share properties. Relevant? Can anyone help me trace what's wrong? Cheers, Steve Further tests show using the windows 'set' command, that the policy is only being applied to Administrator. IOW, 'APPDATA' is being redirected to the server. Everyone else still has the local Roaming folder for appdata. I have run gpupdate /force but still no folder redirection for users. Thanks, Steve Look for file permission errors in the network trace when accessing the GPO. Andrew Bartlett Hi Andrew I did a wireshark of a user called steve2 logging on and off: http://dl.dropbox.com/u/45150875/logon The folder to which the gpo should redirect to, \\hh1\USERS, is mentioned only once, all the other SMB2 traces refer to the steve2.V2 profile folder. I have Application Data redirected to \\hh1\USERS 'set' shows APPDATA is still local to the client. The gpo works fine on XP but fails for all users other than Administrator on W7. 'set' for Administrator shows the redirection to the server share at \\hh1\USERS\Administrator\Application Data. For Administrator nothing is written to the share, but I think this is because Administrator does not have a uidNumber nor gidNumber. Any help most gretfuly received. Cheers, Steve This works fine on XP but fails on W7. OK Getting a bit closer: The share \\hh1\USERS is not accessible by users, neither can I set the security on it as Administrator because the security tab has been replaced by 'offline files'. The underlying POSIX share is /home2/USERS and it is 0777, global RW. Summary: In W7, users cannot access the share. Question: how can I remove the offline files and get a security tab back? THanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
On 07/10/12 16:02, steve wrote: On 07/10/12 12:58, steve wrote: On 07/10/12 10:52, Andrew Bartlett wrote: On Sun, 2012-10-07 at 10:07 +0200, steve wrote: On 06/10/12 17:11, steve wrote: Hi I have folder redirection working fine in XP. I see that W7 has taken the same configuration as I made in XP. Here is a screenshot: http://dl.dropbox.com/u/45150875/gpo.png Unfortunately, on w7, whilst the roaming profile is correctly set, there is no folder redirection. Nothing appears in the \\hh1\USERS folder for the user who has logged in. Upon opening the GPO editor as Administrator in W7, I get an error message about AD and sysvol permissions: 'The permissions for this GPO in the SYSVOL folder are inconsistent with those in ctive Directory. (...) To change the SYSVOL permissions to those in Active Directory, click OK.' Clicking OK gives 'Access is Denied. I then ran samba-tool ntacl sysvolreset and restarted the GPO editor. It then opened without the error:) The settings appear exactly as I set them on XP but are not honoured in W7. The share for the redirected folders says it's offline. There is an offline tab where the security tab normally is under the share properties. Relevant? Can anyone help me trace what's wrong? Cheers, Steve Further tests show using the windows 'set' command, that the policy is only being applied to Administrator. IOW, 'APPDATA' is being redirected to the server. Everyone else still has the local Roaming folder for appdata. I have run gpupdate /force but still no folder redirection for users. Thanks, Steve Look for file permission errors in the network trace when accessing the GPO. Andrew Bartlett Hi Andrew I did a wireshark of a user called steve2 logging on and off: http://dl.dropbox.com/u/45150875/logon The folder to which the gpo should redirect to, \\hh1\USERS, is mentioned only once, all the other SMB2 traces refer to the steve2.V2 profile folder. I have Application Data redirected to \\hh1\USERS 'set' shows APPDATA is still local to the client. The gpo works fine on XP but fails for all users other than Administrator on W7. 'set' for Administrator shows the redirection to the server share at \\hh1\USERS\Administrator\Application Data. For Administrator nothing is written to the share, but I think this is because Administrator does not have a uidNumber nor gidNumber. Any help most gretfuly received. Cheers, Steve This works fine on XP but fails on W7. OK Getting a bit closer: The share \\hh1\USERS is not accessible by users, neither can I set the security on it as Administrator because the security tab has been replaced by 'offline files'. The underlying POSIX share is /home2/USERS and it is 0777, global RW. Summary: In W7, users cannot access the share. Question: how can I remove the offline files and get a security tab back? THanks, Steve Hi Steve, a quick google finds: http://www.sevenforums.com/tutorials/48829-offline-files-enable-disable-use.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
On 07/10/12 17:14, Rowland Penny wrote: On 07/10/12 16:02, steve wrote: On 07/10/12 12:58, steve wrote: On 07/10/12 10:52, Andrew Bartlett wrote: On Sun, 2012-10-07 at 10:07 +0200, steve wrote: On 06/10/12 17:11, steve wrote: Hi Steve, a quick google finds: http://www.sevenforums.com/tutorials/48829-offline-files-enable-disable-use.html Hi Rowland Thanks for that. I've now got a security tab back. But still no folder redirection:( Not given up yet. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
On 07/10/12 17:37, steve wrote: On 07/10/12 17:14, Rowland Penny wrote: On 07/10/12 16:02, steve wrote: On 07/10/12 12:58, steve wrote: On 07/10/12 10:52, Andrew Bartlett wrote: On Sun, 2012-10-07 at 10:07 +0200, steve wrote: On 06/10/12 17:11, steve wrote: Hi Steve, a quick google finds: http://www.sevenforums.com/tutorials/48829-offline-files-enable-disable-use.html Hi Rowland Thanks for that. I've now got a security tab back. But still no folder redirection:( Having the security tab back on \\hh1\USERS now gives everyone permission to enter and create files in the share and now Administrator has his Application Data redirected to the share. He has a file under \\hh1\USERS as per the GPO. However, ordinary users, whilst able to read and write the share do not have their Application Data redirected. Still works fine for all users with XP but not W7. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Folder Redirection GPO not working with Windows 7
Steve Hi Rowland Thanks for that. I've now got a security tab back. But still no folder redirection:( Having the security tab back on \\hh1\USERS now gives everyone permission to enter and create files in the share and now Administrator has his Application Data redirected to the share. He has a file under \\hh1\USERS as per the GPO. However, ordinary users, whilst able to read and write the share do not have their Application Data redirected. Still works fine for all users with XP but not W7. Obviously the biggest change between XP and Seven is the fact that seven will use smb 2.x by default when XP can do smb/cifs. So you have to carefully look at the SMB2 trace between your client and the samba server when doing it with an admininistrator (which works if I understood your emails) and a normal user. Most probably our fileserver either deny someting to simple users or didn't answer correctly. For this you'll need to use wireshark. Once you have more information we might be able to help you, providing information + traces (if no sensitive information) might help even more. Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: Folder Redirection GPO not working with Windows 7
Hi I have folder redirection working fine in XP. I see that W7 has taken the same configuration as I made in XP. Here is a screenshot: http://dl.dropbox.com/u/45150875/gpo.png Unfortunately, on w7, whilst the roaming profile is correctly set, there is no folder redirection. Nothing appears in the \\hh1\USERS folder for the user who has logged in. Upon opening the GPO editor as Administrator in W7, I get an error message about AD and sysvol permissions: 'The permissions for this GPO in the SYSVOL folder are inconsistent with those in ctive Directory. (...) To change the SYSVOL permissions to those in Active Directory, click OK.' Clicking OK gives 'Access is Denied. I then ran samba-tool ntacl sysvolreset and restarted the GPO editor. It then opened without the error:) The settings appear exactly as I set them on XP but are not honoured in W7. The share for the redirected folders says it's offline. There is an offline tab where the security tab normally is under the share properties. Relevant? Can anyone help me trace what's wrong? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba