Web lists-archives.com

Re: [Samba] [SOLVED] Samba 4: 'Access denied' error when accessing user profile during logon




On 21 Sep 2018 10:10:22 -0400
Konstantin Boyandin via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello Louis,
> 
> In fact, the shares mentioned in my original messages are used in
> Windows-only.
> 
> The accounts, however, are used in both Windows and Unix-type
> environments (we have quite a zoo of OSes in active use); so we
> actually use the Posix part of accounts for attributes and Kerberos
> component to authenticate in all non-Windows use.
> 
> So my primary intent is to make the homes/profiles shares most
> convenient and secure from Windows viewpoint.
> 

Lets be honest about this, the sysvol, netlogon and profiles shares are
only used by Windows clients (unless somebody knows differently). This
means that no Unix client needs to be able to connect to them, so the
best way to set the required permissions is to set them from Windows
and add 'acl_xattr:ignore system acls = yes' to each share.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba