Aaron Solochek
2010-Aug-24 13:57 UTC
[Samba] samba 4 questions (status, roaming profiles, etc)
I'm testing samba 4 (pulling from git) on my ubuntu 10.4 box and have a bunch of questions I can't seem to find answers for on the web. 1) There is some problem with my roaming profile such that windows complains and logs me in using my most recently saved profile. I've tried moving my profile on the server out of the way, but windows doesn't seem to recreate it. How do I make it recreate a roaming profile? The client is windows 7. 2) My AD domain is FOO.COM, but the actual domain internally is bar.foo.com. I ran into some issues with this, this biggest of which was that clients would try to pull their group policy from //FOO.COM/sysvol/foo.com/... which meant that the server needed to be exposed externally. I solved this by having foo.com resolve to the local IP internally, but I was wondering if there is some more elegant way to tell clients that the controller for FOO.COM is <some arbitrary host> for these purposes. Also, am I going to run into other pain by having a flat AD domain scheme? Creating a BAR.FOO.COM domain seems like it would be a pain at this point. 3) What is the status of printing in samba4? The most recent thing I could find online was from 2005 and said it wasn't implemented yet. All our printers are IP printers, and my goal is to have them automatically added to machines via group policy. 4) What's the deal with the Users and Computers sections of group policy objects? If I already have my users and computers separated into People and Machines groups in active directory, and have two group policy objects People_GP and Machines_GP applied to their respective groups, will settings in the Users section of Machines_GP apply to any user that logs in to a machine in the Machines group? 5) Where can I find all the smb.conf options that are actually valid for samba4? 6) I can't seem to edit the unix attributes for users in AD. I'd really like to be able to pull account information down via ldap on unix machines. Is this possible? Ok, I think that's enough for now. I really appreciate any help people can offer. Thanks. -Aaron
Daniel Müller
2010-Aug-24 14:33 UTC
[Samba] samba 4 questions (status, roaming profiles, etc)
Make profiles ready in windows7: In your smb.conf: [profiles] path= /yourprofilepath/profiles read only= no mkdir /yourprofilepath/profiles On your windows client start Active Directory Users and Comupters. Right click,properties, then profil tab: Profile path: Yourpathtothe profiles along with %Username% EX: \\mydomain\profiles\%USERNAME% ----------------------------------------------- EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Aaron Solochek Gesendet: Dienstag, 24. August 2010 15:58 An: samba at lists.samba.org Betreff: [Samba] samba 4 questions (status, roaming profiles, etc) I'm testing samba 4 (pulling from git) on my ubuntu 10.4 box and have a bunch of questions I can't seem to find answers for on the web. 1) There is some problem with my roaming profile such that windows complains and logs me in using my most recently saved profile. I've tried moving my profile on the server out of the way, but windows doesn't seem to recreate it. How do I make it recreate a roaming profile? The client is windows 7. 2) My AD domain is FOO.COM, but the actual domain internally is bar.foo.com. I ran into some issues with this, this biggest of which was that clients would try to pull their group policy from //FOO.COM/sysvol/foo.com/... which meant that the server needed to be exposed externally. I solved this by having foo.com resolve to the local IP internally, but I was wondering if there is some more elegant way to tell clients that the controller for FOO.COM is <some arbitrary host> for these purposes. Also, am I going to run into other pain by having a flat AD domain scheme? Creating a BAR.FOO.COM domain seems like it would be a pain at this point. 3) What is the status of printing in samba4? The most recent thing I could find online was from 2005 and said it wasn't implemented yet. All our printers are IP printers, and my goal is to have them automatically added to machines via group policy. 4) What's the deal with the Users and Computers sections of group policy objects? If I already have my users and computers separated into People and Machines groups in active directory, and have two group policy objects People_GP and Machines_GP applied to their respective groups, will settings in the Users section of Machines_GP apply to any user that logs in to a machine in the Machines group? 5) Where can I find all the smb.conf options that are actually valid for samba4? 6) I can't seem to edit the unix attributes for users in AD. I'd really like to be able to pull account information down via ldap on unix machines. Is this possible? Ok, I think that's enough for now. I really appreciate any help people can offer. Thanks. -Aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Michael Wood
2010-Aug-25 10:11 UTC
[Samba] samba 4 questions (status, roaming profiles, etc)
On 24 August 2010 15:57, Aaron Solochek <aarons-samba at aberrant.org> wrote:> I'm testing samba 4 (pulling from git) on my ubuntu 10.4 box and have a > bunch of questions I can't seem to find answers for on the web. > > 1) There is some problem with my roaming profile such that windows > complains and logs me in using my most recently saved profile. ?I've > tried moving my profile on the server out of the way, but windows > doesn't seem to recreate it. ?How do I make it recreate a roaming > profile? ?The client is windows 7. > > 2) My AD domain is FOO.COM, but the actual domain internally is > bar.foo.com. ?I ran into some issues with this, this biggest of which > was that clients would try to pull their group policy from > //FOO.COM/sysvol/foo.com/... which meant that the server needed to be > exposed externally. ?I solved this by having foo.com resolve to the > local IP internally, but I was wondering if there is some more elegant > way to tell clients that the controller for FOO.COM is <some arbitrary > host> for these purposes. ?Also, am I going to run into other pain by > having a flat AD domain scheme? ?Creating a BAR.FOO.COM domain seems > like it would be a pain at this point. > > 3) What is the status of printing in samba4? ?The most recent thing I > could find online was from 2005 and said it wasn't implemented yet. ?All > our printers are IP printers, and my goal is to have them automatically > added to machines via group policy. > > 4) What's the deal with the Users and Computers sections of group policy > objects? ?If I already have my users and computers separated into People > and Machines groups in active directory, and have two group policy > objects People_GP and Machines_GP applied to their respective groups, > will settings in the Users section of Machines_GP apply to any user that > logs in to a machine in the Machines group? > > 5) Where can I find all the smb.conf options that are actually valid for > samba4?Have a look at parm_table in source4/param/loadparm.c.> 6) I can't seem to edit the unix attributes for users in AD. ?I'd really > like to be able to pull account information down via ldap on unix > machines. ?Is this possible? > > Ok, I think that's enough for now. ?I really appreciate any help people > can offer. > > Thanks. > > -AaronSorry, I can't help with most of your questions. :) -- Michael Wood <esiotrot at gmail.com>
Aaron Solochek
2010-Aug-26 17:37 UTC
[Samba] samba 4 questions (status, roaming profiles, etc)
So I tried a new user, and it didn't work, so I debugged a little and discovered that I was missing a \ when I changed from setting the profile path per-user to setting it via group policy. After fixing that, my profile folders were automatically recreated on the server, and windows attempted to copy my local profile over. It copied a bunch of stuff, but started failing with a bunch of "The specified network name is no longer available" errors. When I logged back in I got the message telling me it was using my local copy, which is fine since the server copy is incomplete, but in the event viewer I saw this:> Windows cannot locate the server copy of your roaming profile and is > attempting to log you on with your local profile. Changes to the > profile will not be copied to the server when you log off. This error > may be caused by network problems or insufficient security rights. > > DETAIL - The program issued a command but the command length is > incorrect.I have seen that command length error fairly often recently. I have no idea what causes it, and the web isn't being very helpful. I got the same error when opening the group policy management app just now. Anyone know how to debug this? -Aaron On 8/25/2010 2:57 AM, Daniel_M?ller wrote:> First of all try with a new user to be shure your setup of profiles > is working. If it does: You can remove the profile of the user which > does not working profiles on your machine. > > 1.Press on Start > Run >Regedit 2.Navigate to the following registry > key :?HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows > NT\CurrentVersion\ProfileList? 3.Under ProfileList navigate to > binary key?s like this :S-1-5-21-3656904587-1668747452-4095529-500 > 4.On the right side under ProfileImagePath you??ll see the username > and profile path. 5.Chose the one with the desired user and delete > the long reg key like > :?HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows > NT\CurrentVersion\ProfileList? > > If you deleted the profile of the user on linux Login as > administrator do again: > > On your windows client start Active Directory Users and Comupters. > Right >> click,properties, then profil tab: Profile path: Yourpathtothe >> profiles along with %Username% EX: \\mydomain\profiles\%USERNAME% > Then logon as this user to your machine. > > ----------------------------------------------- EDV Daniel M?ller > > Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. > 24 72076 T?bingen > > Tel.: 07071/206-463, Fax: 07071/206-499 eMail: > mueller at tropenklinik.de Internet: www.tropenklinik.de > ----------------------------------------------- -----Urspr?ngliche > Nachricht----- Von: Aaron Solochek [mailto:aarons-samba at aberrant.org] > Gesendet: Dienstag, 24. August 2010 16:40 An: > mueller at tropenklinik.de Betreff: Re: AW: [Samba] samba 4 questions > (status, roaming profiles, etc) > > Yeah, that is all setup properly. My issue is that the profile was > there, but somehow corrupted, so I moved it out of the way. Now > windows is not recreating it, but just complaining that it can't find > it. I need a way to make the samba or windows (which ever is the > problem) think the roaming profile should be created from scratch. > > -Aaron > > On 8/24/2010 10:33 AM, Daniel_M?ller wrote: >> Make profiles ready in windows7: >> >> In your smb.conf: >> >> [profiles] path= /yourprofilepath/profiles read only= no >> >> mkdir /yourprofilepath/profiles >> >> On your windows client start Active Directory Users and Comupters. >> Right click,properties, then profil tab: Profile path: >> Yourpathtothe profiles along with %Username% EX: >> \\mydomain\profiles\%USERNAME% >> >> ----------------------------------------------- EDV Daniel M?ller >> >> Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. >> 24 72076 T?bingen >> >> Tel.: 07071/206-463, Fax: 07071/206-499 eMail: >> mueller at tropenklinik.de Internet: www.tropenklinik.de >> ----------------------------------------------- >> >> -----Urspr?ngliche Nachricht----- Von: >> samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] > Im >> Auftrag von Aaron Solochek Gesendet: Dienstag, 24. August 2010 >> 15:58 An: samba at lists.samba.org Betreff: [Samba] samba 4 questions >> (status, roaming profiles, etc) >> >> I'm testing samba 4 (pulling from git) on my ubuntu 10.4 box and >> have a bunch of questions I can't seem to find answers for on the >> web. >> >> 1) There is some problem with my roaming profile such that windows >> complains and logs me in using my most recently saved profile. >> I've tried moving my profile on the server out of the way, but >> windows doesn't seem to recreate it. How do I make it recreate a >> roaming profile? The client is windows 7. >> >> 2) My AD domain is FOO.COM, but the actual domain internally is >> bar.foo.com. I ran into some issues with this, this biggest of >> which was that clients would try to pull their group policy from >> //FOO.COM/sysvol/foo.com/... which meant that the server needed to >> be exposed externally. I solved this by having foo.com resolve to >> the local IP internally, but I was wondering if there is some more >> elegant way to tell clients that the controller for FOO.COM is >> <some arbitrary host> for these purposes. Also, am I going to run >> into other pain by having a flat AD domain scheme? Creating a >> BAR.FOO.COM domain seems like it would be a pain at this point. >> >> 3) What is the status of printing in samba4? The most recent thing >> I could find online was from 2005 and said it wasn't implemented >> yet. All our printers are IP printers, and my goal is to have them >> automatically added to machines via group policy. >> >> 4) What's the deal with the Users and Computers sections of group >> policy objects? If I already have my users and computers separated >> into People and Machines groups in active directory, and have two >> group policy objects People_GP and Machines_GP applied to their >> respective groups, will settings in the Users section of >> Machines_GP apply to any user that logs in to a machine in the >> Machines group? >> >> 5) Where can I find all the smb.conf options that are actually >> valid for samba4? >> >> 6) I can't seem to edit the unix attributes for users in AD. I'd >> really like to be able to pull account information down via ldap on >> unix machines. Is this possible? >> >> >> Ok, I think that's enough for now. I really appreciate any help >> people can offer. >> >> Thanks. >> >> -Aaron > > > > !DSPAM:4c74bef8179861721612090! >
Maybe Matching Threads
- Join W2008 R2 64bit to samba 3.5.8
- Windows 7 on startup always loads temporary profiles samba 3.4.8
- WG: Samba 4.1.7 /Centos 6 with bind-dlz ERROR: fialed to find dnsRecord for DC
- Windows 10 does not register dns in samba 4.3.4
- Windows 10 does not register dns in samba 4.3.4