samba - Jul 2011 - Samba + LDAP + SMBLDAP-Tools + Roaming Profiles

Hi,

i've finally have my LDAP backend working for authentication for my DC.

Logon scripts are executed, user is authenticated, but my roaming 
profiles are not found.

here is what i have in my config files:

smb.conf
[global]
    printing = bsd
    netbios name = PDC
    server string = PDC (%h)
    workgroup = workgroup
    interfaces = eth0,lo
    security = user
    encrypt passwords = true
    map to guest = bad user
    guest account = nobody

    ## LDAP
    passdb backend = ldapsam:ldap://127.0.0.1
    idmap backend = ldap:ldap://127.0.0.1
    idmap uid = 10000-15000
    idmap gid = 10000-15000
    ldap suffix = dc=workgroup,dc=local
    ldap user suffix = ou=smb-usr
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap idmap suffix = ou=idmap
    ldap admin dn = cn=admin,dc=workgroup,dc=local
    ldap ssl = no
    ldap passwd sync = yes
    add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
    add user script = /usr/sbin/smbldap-useradd -a '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -a '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u'
'%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
'%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'

    local master = yes
    preferred master = yes
    domain master = yes
    domain logons = yes
    logon path = \\%L\profile\%U
    logon script = %U.bat
    logon drive = H:
    hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
    panic action = /usr/share/samba/panic-action %d

#======================= Share Definitions ======================[homes]
    comment = Home Directories
    browseable = no
    writeable = yes

[profile]
    comment = Profildateien
    path = /bacula/samba/profile
    guest ok = yes
    browseable = no
    create mask = 0600
    directory mask = 0700
    writeable = yes
    profile acls = yes

[netlogon]
    comment = Network Logon Service
    path = /bacula/samba/netlogon
    guest ok = yes
    writeable = no
    share modes = no
    browseable = no


smbldap.conf

userHome="/home/%U" (also tried \\pdc\%U)
userSmbHome="\\pdc\%U"
userProfile="\\pdc\profile\%U"
userHomeDrive="H:"
userScript="%U.bat"


what is it what i am overlooking?

many thanks and greets

juergen

From: "J. Echter" <j.echter at elektro-mayer-echter.de>
Date: Wed, 20 Jul 2011 17:58:34 +0200
> i've finally have my LDAP backend working for authentication for my DC.
> 
> Logon scripts are executed, user is authenticated, but my roaming 
> profiles are not found.
> 
> here is what i have in my config files:
(snip)
>     hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
Try to comment this line.
>[profile]
>     path = /bacula/samba/profile
This path has valid permission?
>    guest ok = yes
Try to remove "guest ok" line.

And actually "pdbedit -v a-user" shows valid profile path?

---
TAKAHASHI Motonobu <monyo at monyo.com>

Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu:
>
>> [profile]
>>      path = /bacula/samba/profile
> This path has valid permission?
drwxrwxrwt 21 root   root   4096 Jul  7 09:48 profile
> And actually "pdbedit -v a-user" shows valid profile path?
pdbedit -v klaudia

Full Name:            klaudia
Home Directory:       \\pdc\klaudia
HomeDir Drive:        H:
Logon Script:         klaudia.bat
Profile Path:         \\pdc\profile\klaudia
Domain:               WORKGROUP

cheers

juergen

Hai, 

a working profile share.. 
[profiles]
        path = /bacula/samba/profile
        comment = Profiel enviroment.
        read only = no
        create mask = 0600
        directory mask = 0700
        browseable = Yes
        guest ok = Yes
        csc policy = disable
        force user = %U
        # next line allows administrator to access all profiles
        valid users = %U @"Domain Admins"
 
good luck.

>-----Oorspronkelijk bericht-----
>Van: j.echter at elektro-mayer-echter.de 
>[mailto:samba-bounces at lists.samba.org] Namens J. Echter
>Verzonden: 2011-07-20 18:21
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
>
>Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu:
>>
>>> [profile]
>>>      path = /bacula/samba/profile
>> This path has valid permission?
>
>drwxrwxrwt 21 root   root   4096 Jul  7 09:48 profile
>
>> And actually "pdbedit -v a-user" shows valid profile path?
>
>pdbedit -v klaudia
>
>Full Name:            klaudia
>Home Directory:       \\pdc\klaudia
>HomeDir Drive:        H:
>Logon Script:         klaudia.bat
>Profile Path:         \\pdc\profile\klaudia
>Domain:               WORKGROUP
>
>cheers
>
>juergen
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>