summaryrefslogtreecommitdiff
path: root/docs/README.Win2kSP2
diff options
context:
space:
mode:
Diffstat (limited to 'docs/README.Win2kSP2')
-rw-r--r--docs/README.Win2kSP256
1 files changed, 0 insertions, 56 deletions
diff --git a/docs/README.Win2kSP2 b/docs/README.Win2kSP2
deleted file mode 100644
index 49a8fbf4ae..0000000000
--- a/docs/README.Win2kSP2
+++ /dev/null
@@ -1,56 +0,0 @@
-!==
-!== README.Win2kSP2
-!==
-
-Author: Gerald (Jerry) Carter <jerry@samba.org>
-
-==================================================================
-
-There are several annoyances with Windows 2000 SP2. One of which
-only appears when using a Samba server to host user profiles
-to Windows 2000 SP2 clients in a Windows domain. This assumes
-that Samba is a member of the domain, but the problem will
-likely occur if it is not.
-
-In order to server profiles successfully to Windows 2000 SP2
-clients (when not operating as a PDC), Samba must have
-
- nt acl support = no
-
-added to the file share which houses the roaming profiles.
-If this is not done, then the Windows 2000 SP2 client will
-complain about not being able to access the profile (Access
-Denied) and create multiple copies of it on disk (DOMAIN.user.001,
-DOMAIN.user.002, etc...). See the smb.conf(5) man page
-for more details on this option. Also note that the "nt acl support"
-parameter was formally a global parameter in releases prior
-to Samba 2.2.2.
-
-The following is a minimal profile share
-
- [profile]
- path = /export/profile
- create mask = 0600
- directory mask = 0700
- nt acl support = no
- read only = no
-
-The reason for this bug is that the Win2k SP2 client copies
-the security descriptor for the profile which contains
-the Samba server's SID, and not the domain SID. The client
-compares the SID for SAMBA\user and realizes it is
-different that the one assigned to DOMAIN\user. Hence the reason
-for the "access denied" message.
-
-By disabling the "nt acl support" parameter, Samba will send
-the Win2k client a response to the QuerySecurityDescriptor
-trans2 call which causes the client to set a default ACL
-for the profile. This default ACL includes
-
- DOMAIN\user "Full Control"
-
-
-NOTE : This bug does not occur when using winbind to
-create accounts on the Samba host for Domain users.
-
-
generated by cgit (git 2.34.1) at 2025-03-05 13:48:29 +0000