Bug 4696 - system policies are not applied
Summary: system policies are not applied
Status: NEW
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.24
Hardware: x64 Linux
: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2007-06-14 00:52 UTC by Zev Benjamin
Modified: 2007-06-14 15:07 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Zev Benjamin 2007-06-14 00:52:53 UTC
This applies to at least 3.0.24 and 3.0.21c.  System policies do work in 3.0.14a-debian.

The ntconfig.pol file is transfered to windows 2k/xp clients during login, but for some reason is not applied in affected samba versions.  I captured the following debugging output from one of the clients:

USERENV(2a8.2ac) 18:52:48:468 LoadUserProfile: Returning TRUE. hProfile = <0xb48>
USERENV(2a8.2ac) 18:52:48:468 ApplySystemPolicy: Entering
USERENV(2a8.2ac) 18:52:48:468 ApplySystemPolicy:  PolicyPath is: <\\SOUNDWAVE\netlogon\ntconfig.pol>.
USERENV(2a8.2ac) 18:52:48:484 ApplySystemPolicy:  Local PolicyPath is: <C:\Documents and Settings\zev\prf98.tmp>.
USERENV(2a8.2ac) 18:52:48:484 MyRegLoadKey: Returning 00000000
USERENV(2a8.2ac) 18:52:48:484 ApplySystemPolicy:  Looking for user specific policy.
USERENV(2a8.2ac) 18:52:48:484 OpenUserKey:  No entry for zev, using .Default instead.
USERENV(2a8.2ac) 18:52:48:500 ApplySystemPolicy:  Processing group(s) policy.
USERENV(2a8.2ac) 18:52:48:500 ApplySystemPolicy:  Failed to get group processing order.
USERENV(2a8.2ac) 18:52:48:500 ApplySystemPolicy:  Looking for machine specific policy.
USERENV(2a8.2ac) 18:52:48:500 OpenUserKey:  No entry for CHROMIA, using .Default instead.
USERENV(2a8.2ac) 18:52:48:500 MyRegUnLoadKey: Returning 1.
USERENV(2a8.2ac) 18:52:48:500 ApplySystemPolicy:  Leaving with 1

There is nothing obviously wrong from this output, but the policy is still not applied.  If you need any more information, I'd be happy to help.

Comment 1 Gerald (Jerry) Carter (dead mail address) 2007-06-14 08:29:59 UTC
Zev, Make sure that the ReadOnly bit is not set on the ntconfig.pol file.
Comment 2 Zev Benjamin 2007-06-14 15:07:46 UTC
(In reply to comment #1)
> Zev, Make sure that the ReadOnly bit is not set on the ntconfig.pol file.

(At least under 3.0.24) I tried chmodding ntconfig.pol 777, as well as following the other suggestions in bug 3042, but to no avail.  The Windows logs as well as the Samba logs suggest that the file is read and transmitted just fine, but just not applied.