Samba PDC user rights


Digit0
11-11-2003, 06:04 AM
Hi,

I have set up a Samba PDC for a small network (8 win2k clients) using IBM's tutorial. Everything is spiffy except for the users' rights. I am using roaming profiles (in fact, that is the reason why PDC was chosen) and though the clients can log in, they have very restrictive accounts (ex: if a drive needs to be mapped it will not be remembered at reconnection). They also seem to have problems executing programs locally (I read somewhere that I can solve this by adding the account locally on the client).

Since security is not so much of an issue, how can I make all my client accounts into root accounts? Will doing this solve the restrictions on the accounts?

Links, suggestions, comments all welcome.

Digit0

dkeav
11-11-2003, 07:26 AM
try changing the 'security' options to user

Digit0
11-11-2003, 07:49 AM
Thanks for replying,

Security is set to user; here is smb.conf:

workgroup = somthing.com
server string = Samba server
log file = /dev/null
security = user
encripted passwords = yes
socket options = TCP_NODELAY
local master = yes
host allow =127.0.0.1 192.168.1.0/255.255.255.0
os level = 64
domain master = yes
preferred master = yes
domain logons = yes
logon script = %U.bat
logon path = \\%L\Profiles\%U.pds
logon drive = H:
logon home = \\%L\%U\.profile
domain admin group = @root
dns proxy = no
ssl compatibility = no
ssl require clientcert = no
ssl require server cert = no
ssl = no
encrypt passwords = yes
netbios name = gtlla
max packet = 0
ssl entropy bytes = 0

machines -c Machine -d /dev/null -s /bin/false %u

#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no

[Profiles]
path = /mnt/GTLLA2/profiles
writable = yes
browseable = yes
create mask =0600
directory mask = 0700

[tolis]
path = /mnt/GTLLA2/tolis
writable = yes
browsable = yes

[lotus]
path = /mnt/GTLLA2/lotus
writable = yes
browsable = yes

Again, I can log in the user accounts; what I want to do is give the clients full rights.

Floog
11-11-2003, 11:12 AM
I only suggest this because you say that security is not much of an issue. The simplest and most complete way to provide full access to the shares is to change the permissions of the shares.

Wherever you have your shares located (for example /usr/local/archives) do the following as root:

chmod -R 0777 /path/where/shares/are

All users will have full Read, Write, and Execute permissions in the directory and all sub-directories contained in it.

Then throw in something like this into each share that you want to provide full access:

create mask = 0777
directory mask = 0777
security mask = 0777
directory security mask = 0777

I should mention that I am still using Samba 2.2.8 and have not yet upgraded to Samba 3.0. I forget if you mentioned which version you were using.

Try this and see if it gets you what you need.

Floog
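
An added example, not part of the original thread and not Samba's own code: a small audit of smb.conf-style text that reports which shares carry mask settings permitting the "other" write bit, as the 0777 values in the reply above do. The function names and the sample text are assumptions made for this illustration; parameters that appear before the first section header are skipped.

```python
import re
# Constructed sample: [Profiles] as posted in the thread, [tolis] with the reply's masks.
SAMPLE = """\
[Profiles]
create mask =0600
directory mask = 0700
[tolis]
create mask = 0777
directory mask = 0777
security mask = 0777
directory security mask = 0777
"""

# Normalised name -> canonical name ("create mode" / "directory mode" are Samba synonyms).
MASK_PARAMS = {
    "createmask": "create mask", "createmode": "create mask",
    "directorymask": "directory mask", "directorymode": "directory mask",
    "securitymask": "security mask", "directorysecuritymask": "directory security mask",
}

def parse_shares(text):
    """Return {section: {name: value}}; names lower-cased with whitespace removed,
    because smb.conf ignores case and whitespace in parameter names."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)  # only the first '=' is significant
            current["".join(name.lower().split())] = value.strip()
    return shares

def audit_masks(text):
    """List (share, parameter, value, problem) for risky or malformed masks."""
    findings = []
    for share, params in parse_shares(text).items():
        for key, value in params.items():
            if key in MASK_PARAMS:
                try:
                    problem = "other-write allowed" if int(value, 8) & 0o002 else None
                except ValueError:
                    problem = "not octal"
                if problem:
                    findings.append((share, MASK_PARAMS[key], value, problem))
    return findings
```

Calling `audit_masks(SAMPLE)` reports the four [tolis] masks and nothing for [Profiles], whose 0600/0700 masks keep new files and directories owner-only.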

Floog
11-11-2003, 11:20 AM
I'm not sure if this will make a difference either but I noticed your 'host allow' option may need to be changed.

I have mine set like this:

192.168.1. 127.


I'm not exactly sure, but having a complete local address like 192.168.1.1 may not allow other local IP addresses to reach the Samba box. By leaving it open as 192.168.1. Samba will allow any local IP address from 1 - 255 to log in and pursue access according to the user rights you dictate.

Hope this helps,

Floog