OT: Win: Starting a windows enterprise admin group

[Bryan O'Neal]

Just to make sure roaming profile works from a client computer for the
admin but not for the regular users on the same desktop?
My first suggestion would to allow browsing and execution on the SAMBA
and FS level for everyone (save guest) and use ACL's to control user
access. If you join the samba server to the AD and use kerberos
tickets to pass authentication the windows server will simply think of
the samba server as another windows server.



On Thu, Aug 26, 2010 at 12:56 PM, JD Austin <jd at twingeckos.com> wrote:
> The netlogon doesn't have permissions listed but profiles does; it seems the
> group name of the directory was mostly the issue (root):
> [Profiles]
> path = /home/e-smith/files/samba/profiles
> writeable = yes
> browseable = no
> create mask = 0600
> directory mask = 0700
> csc policy = disable
> hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>
> [netlogon]
> comment = Network Logon Service
> path = /home/e-smith/files/samba/netlogon
> guest ok = yes
> writable = yes
> browseable = no
>
> SME server uses a bunch of templates and has a system for building the
> smb.conf file that I'm still learning how to use such as:
>
> db configuration setprop smb RecycleBin enabled
> db configuration setprop smb KeepVersions enabled
> signal-event group-modify shared
> signal-event group-modify domain-admins
> signal-event group-modify domain-users
>
> I really hate using a bleeding edge version but I'll make it work :)
> JD
> On Thu, Aug 26, 2010 at 12:39, Eric Shubert <ejs at shubes.net> wrote:
>>
>> What are the permissions in your smb.conf file?
>>
>> (check logon path and [Profiles] in particular)
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>