[Pluto-help] Uso Samba

Francesco Beccari frankb a interplanet.it
Sab 22 Dic 2001 17:30:20 CET


A questo link
http://us1.samba.org/samba/ftp/docs/README.Win2kSP2

ho trovato quanto segue.
Spero ti possa essere di aiuto.


!==
!== README.Win2kSP2
!==

Author:		Gerald (Jerry) Carter <jerry a samba.org>

==================================================================

There are several annoyances with Windows 2000 SP2. One of which
only appears when using a Samba server to host user profiles
to Windows 2000 SP2 clients in a Windows domain.  This assumes
that Samba is a member of the domain, but the problem will
likely occur if it is not.

In order to server profiles successfully to Windows 2000 SP2
clients (when not operating as a PDC), Samba must have

	nt acl support = no

added to the file share which houses the roaming profiles.
If this is not done, then the Windows 2000 SP2 client will
complain about not being able to access the profile (Access
Denied) and create multiple copies of it on disk (DOMAIN.user.001,
DOMAIN.user.002, etc...).  See the smb.conf(5) man page
for more details on this option.  Also note that the "nt acl support"
parameter was formally a global parameter in releases prior
to Samba 2.2.2.

The following is a minimal profile share

	[profile]
		path = /export/profile
		create mask = 0600
		directory mask = 0700
		nt acl support = no
		read only = no

The reason for this bug is that the Win2k SP2 client copies
the security descriptor for the profile which contains
the Samba server's SID, and not the domain SID.  The client
compares the SID for SAMBA\user and realizes it is
different that the one assigned to DOMAIN\user.  Hence the reason
for the "access denied" message.

By disabling the "nt acl support" parameter, Samba will send
the Win2k client a response to the QuerySecurityDescriptor
trans2 call which causes the client to set a default ACL
for the profile. This default ACL includes

	DOMAIN\user 	"Full Control"


NOTE : This bug does not occur when using winbind to
create accounts on the Samba host for Domain users.



ho qualche problema nell'uso di linux come Domain Controller. Quando
configuro una macchina windows nel dominio linux riceso il seguente
errore dal sistema "Il Computer non ha avuto accesso al dominio a
causa del seguente errore: Numero di procedura fuori intervallo".

L'utente linux viene riconosciuto perchè impostando un account o una
password diversa il sistema si blocca dicendo che "l'account o la
password è errata". Cosa Posso controllare.....





More information about the pluto-help mailing list