On Mon, 2004-01-05 at 11:26, Kevin wrote:
> On Mon, 2004-01-05 at 10:42, Kevin Brown wrote:
> > > Just a point of clarification here.  Must my samba file server be
> > > configured as a PDC in order to host roaming profiles?
> > 
> > It shouldn't.  Last time I dealt with NT4 roaming profiles they could reside on 
> > any SMB filesystem.
> 
> Hmm.  That was my original thought too.  However, here is what happens. 
> Relevant bits of /etc/samba/smb.conf look like this on my old Samba
> server 2.0.7:
> 
>  workgroup = HOME
>  security = user
>  encrypt passwords = yes
>  smb passwd file = /etc/samba/smbpasswd
>  wins support = yes
>  
>  [Profiles]
>     path = /home/samba/profiles
>     browseable = no
>     guest ok = yes
>     writeable = yes
>     create mask = 0777  <--tried 0700 also
>     directory mask = 0777  <--tried 0700 also
> 
> 
> On a worm2K box that is configured to be in the same HOME workgroup (not
> domain) as the samba server, I logged in as local 'administrator' and
> changed user account shari to have a 'Profile path' of
> '\\192.168.2.1\profiles\shari'.
> 
> I confirmed that I could 'browse' to \\192.168.2.1\profiles and see
> folders there.  No pre-existing shari folder.
> 
> I logged off and logged on as shari.  Worm2K says "a server copy of the
> profile folder already exists that does not have the correct security. 
> Either the current user or the Administrator's group must be the owner
> of the folder."  However, I see that a shari directory was created on
> the samba box under /home/samba/profiles/.  The owner is the UNIX user
> 'shari' and perms are 777.
> 
> On the Worm2K box, if I browse to \\192.168.2.1\profiles and look at the
> properties of the new 'shari' folder there, I see that the owner of the
> folder is SERVER\shari.  If I change it to CLIENT\shari, it just changes
> back.  I also tried deleting the new folder from the server and manually
> creating it _from_ the worm2K box.  Same result.
> 
> Seems like user/perms mapping problem between the two.  Actually, it
> seems like a lack of understanding on my part of HOW user/perms are
> mapped between the two.
> 
> If the samba server was in a domain or a PDC by itself, I'm guessing the
> perms problem would go away, because there no longer be a distinction
> between SERVER\shari and CLIENT\shari.
----
that's what winbind is for - to bind users & groups from the Windows
domain to the local unix system so that they are recognized. Otherwise
only local users will work and that ain't gonna happen.

Craig