Hi,
I have a domain controller which was configured to use the local profiles. We
have a relatively small group whose work required it. Now we are moving toward
using the domain for all machines with roaming profiles. There are a lot of
posts dealing with roaming profiles and folder redirection, but I've
met some issues.
My configuration:
NS3 and SMB are the hostnames of our servers.
The PDC is located on NS3, and the file server containing the profiles and home
shares is on SMB.
This is the NS3 configuration:
# Global parameters
[global]           
        workgroup = CHAPPY-MS
        netbios name = DS01  
        server string = Chappy Samba LDAP PDC Server
        interfaces = 192.168.40.8/255.255.255.0     
        passdb backend = ldapsam:ldap://ds01/       
        enable privileges = Yes
        passwd program = /usr/sbin/smbldap-passwd -u "%u"
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        printcap name = cups
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        logon path = \\smb\profiles\%U\%a
        logon drive = H:
        logon home = \\smb\homes
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=admin,dc=chappy,dc=com
        ldap delete dn = Yes
        ldap group suffix = ou=groups
        ldap idmap suffix = ou=idmap,dc=chappy,dc=com
        ldap machine suffix = ou=computers
        ldap passwd sync = Yes
        ldap suffix = dc=chappy,dc=com
        ldap user suffix = ou=people
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        printing = cups
        print command
        lpq command = %p
        lprm command
[netlogon]
        path = /var/lib/samba/netlogon
        browseable = No
This is the SMB configuration:
[global]
        workgroup = CHAPPY-MS
        server string = file server
        interfaces = 192.168.40.43 
        map to guest = Bad User    
        passdb backend = ldapsam:ldap://ds01
        syslog = 0                          
        log file = /var/log/samba/log.%m    
        max log size = 2048                 
        keepalive = 0                       
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
        hostname lookups = Yes
        load printers = No
        dns proxy = No
        wins server = 192.168.40.8
        kernel oplocks = No
        ldap admin dn = cn=admin,dc=chappy,dc=com
        ldap delete dn = Yes
        ldap group suffix = ou=groups
        ldap idmap suffix = ou=idmap,dc=chappy,dc=com
        ldap machine suffix = ou=computers
        ldap suffix = dc=chappy,dc=com
        ldap ssl = no
        ldap user suffix = ou=people
        panic action = /usr/share/samba/panic-action %d
[homes]
        comment = Home Share
        path = /san/export/home/%S
        valid users = %S
        write list = %S
        force create mode = 0600
        force directory mode = 0700
        hide special files = Yes
        browseable = No
[profiles]
        comment = Profiles Share
        path = /san/export/samba/profiles
        read only = No
        force create mode = 0664
        force directory mode = 0775
        profile acls = Yes
        hide files = /Application Data/Cookies/Local\ Settings/NetHood/PrintHood/Recent/SendTo/NTUSER.DAT/
        store dos attributes = Yes
        browseable = No
        csc policy = disable
Netlogon on NS3 has a Default User configuration redirecting Desktop, My 
Documents, My Pictures, My Music, Personal to the appropriate directories on 
%HOMEDRIVE%:
Desktop - %HOMEDRIVE%\Desktop
My Documents - %HOMEDRIVE%\My Documents
My Pictures - %HOMEDRIVE%\My Documents\My Pictures
etc.
The local group policy disables the offline files and the roaming profile 
synchronization for Desktop, My Documents and Application Data. These settings 
were based on Samba by Examples, ch.5 and 6.
During the first login the user grabs the configured profile from the netlogon
share and correctly sets up all files. But when the user logs off, they see a
synchronization window where it syncs the user's home directory.
At the same time the user can write/read the home drive with no problems. The
popup message "offline files - working offline" is rather annoying.
Could anybody give me an idea of what is wrong? Or maybe I should use the
%LOGONPROFILE% variable instead of %HOMEDRIVE%?
If the synchronization window is normal for such a configuration, is there any
advantage to using folder redirection with the roaming profile? Maybe it
is better to disable synchronization of some directories and train users to
keep their documents on the home drive, arguing that this is a safe place?
Yauheni Labko (Eugene Lobko)
Junior System Administrator
Chapdelaine & Co
(212)208-9150
The problem was resolved after rejoining the domain. It looks like the policy was not updated, though I rebooted the machine and did gpupdate.

Yauheni Labko (Eugene Lobko)
Junior System Administrator
Chapdelaine & Co.
(212)208-9150

On Monday 19 October 2009 01:42:09 pm Yauheni Labko wrote: