[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] Samba Active Directory
- To: "list@xxxxxxxxxxxxx" <list@xxxxxxxxxxxxx>
- Subject: Re: [LUG] Samba Active Directory
- From: mr meowski <mr.meowski@xxxxxxxx>
- Date: Wed, 4 Dec 2019 16:49:58 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Xx2nDqixnv+pkzUveSmdAtpCGfhicTJL+ep3h/+1+Rw=; b=h0qvaOQCBBVrpQ1F+0lxagIKpYlp2cZP2YCEh2/uAjeXWpBf65xb1U6M15dLCWsbU7PYG8boT5eIKS8x8A+mCXFhTEgy2NJnkZoGlLY9dXVJAtd+smLLZk+85f0FiQ1AseI+eeb8siLgQClMptWpd+q6bZ3H6cCmFbP4bAi98pTFmqOPnZI+dqxCk8K8/DyhCmBST4FP9CPxm6wXYN2uAC1jG0MXQsSDG8fsexbazpLZCaJ9MDo/Fd7dkh7eJo2Kak6L8Lvo9vGCH5ybwqkLIfgbDPw5tRzc8EmlE5caCgpbPfcTZWSi9KPOtizLjAXvgtnF8UUH4AKgQahY+H6Uiw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nO3BEM1P+Ohwq25D2BV+PnmvUaIISIpsLLbl80r5Xarm/Ou7uScC764qUhRX5POY779cBcb5+GuYpZzogdI9cZOGNTqVD7G38cBwmudfCC/Ejjffz1UGmxhHKhWPlC1yRAuIHjQnTF/6KrAbGlzPlNRNBFqarJ92J/1ieYTzTR5ItArfSMgtsw4P75jSoB/WEaTcpLMKNn0vM+teLYtIXda43PH6/J5Uj+9rVjpSNE1GA2+s98ECMKh5GGuU5PUox3sPM2MHMr4Khuf+bPkdGRLq8IILWP7jRcQ0tX1svIkzXYLs0vMDm8lHNqELiw/+1ZqQfQw4De445wRTUebGYw==
- Content-id: <9418EFACCB1D3E4DB4010273DE387661@eurprd09.prod.outlook.com>
- Content-language: en-US
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dclug.org.uk; s=1570611962; h=Sender:Content-Transfer-Encoding:Content-Type :Reply-To:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Subject :MIME-Version:Content-ID:In-Reply-To:References:Message-ID:Date:To:From:Cc: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner:List-Archive; bh=u4lLzWPBZ1cz20e5fR0CDpZqA2Px3PLBATk1lYdTRyQ=; b=B7fFHKC/DjruwsJs4wWeF7upQk bjflT01bhg0py0KE5BqqnotiIRhirQRglkwxeT+lOvtpcpts3yOMo54WtoZfbha2uyFs2BMr1TYnu AqjQgwUmiSLpeyKNpJyTPrhHOD8DpCiZgRo/w5qCpPV6PDdWhD/bjr4auTqhdChD6o08=;
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Xx2nDqixnv+pkzUveSmdAtpCGfhicTJL+ep3h/+1+Rw=; b=WNaukr1mEcaKW0LFI8vOlpXZGT4wrELRei9Zd9OsaUO9tDxv9QlZvD63kMI4SQKpZJ71RP3rlxZtzJ+FJ2grQBp911LUfO7faiF+R59IFPxouNxbkxjUcw7S/uTOz6WSN7cQDvDj96tqutJu4P78ISG9653zZt1xdHNN4e7vq1xYJYmnccVYYARw+ZB5bvE3BKevRKqocrwfmrwQLirKaGkHGCfjENEoJ3SzoMMt7dd0zjPAc5UIu8C//Bmql6VjMbLywMIDuiqQuVGarRX6JdjZ/RFnQRQQJAJUD1Vkk8Q12vGFTln2VchsMrgM3l3N4UErw7a9iIoYin6RCRdkPg==
- Thread-index: AQHVqgTtTK+RR/EnmU2thvnThJ6roaeoxnSAgAAtFICAAAhqAIAApowAgACPMIA=
- Thread-topic: [LUG] Samba Active Directory
On 04/12/2019 08:17, Martin Gautier wrote:
>
> Folder redirection is set in the GPO to \\SERVER\users\username as a
> base with the client creating the necessary directories on login - using
> the GPO editor's dropdown options.
> (that's a good point. I'll try changing that to specific defined folders
> in the GPO and creating the necessary folders for the user on the server
> today - setting the user's permissions using "smbcacls -C")
This bit is the key and why I mentioned that the domain users *must*
have the relevant write permissions to create the necessary folder
structure on the backend during the first auth/login - it's the bit that
usually causes me headaches at least.
Have you double/triple checked the inheritance from the root of the
profile folder as mentioned here:
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
The section "Verify that permission inheritance is disabled on the root
of the share. If any permission entry in the Advanced Security Settings
window displays a path in the Inherited from column, click the Disable
inheritance button" is really critical, they're not joking abut that.
On the bright side you're basically there at this point. I love that
feeling when your test admin account is working perfectly but your
general production users aren't for some reason and because you've
fiddled with so many things on the admin account you're no longer quite
sure what's different and which of the things you tweaked was the
answer. Good times!
--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq