Jeff Dickens
2012-Oct-05 21:42 UTC
[Samba] temporary profiles problem - don't want roaming profiles
I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two remote sites, I have some Samba BDCs. For now I've manually entered the DCs as WINS servers on the workstations I'm using for testing. At the remote sites, I can log in with an account that has no logon path or logon home specified, and it works perfectly. But at the main site, when I try to log on to one of these accounts I get first get the "can't find the server copy of the roaming profile" and then "can't find the local profile logging you in with a temporary profile" errors. I can't figure this one out. I'm using the same account, and the samba setups are nearly identical - just one is a BDC and one a PDC. This is smb.conf on the PDC: [global] workgroup = SEAMANPAPER server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 137 138 139 445 name resolve order = wins bcast hosts load printers = No printcap name = /dev/null disable spoolss = Yes rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1 logon path logon home domain logons = Yes os level = 65 domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=intranet,dc=seamanpaper,dc=com ldap ssl = no ldap user suffix = ou=People panic action = /usr/share/samba/panic-action %d idmap config * : range = 1000000-1999999 idmap config * : backend = ldap printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [profiles] comment = Windows Profiles path = /home/samba/profiles read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes browseable = No csc policy = disable [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes [homes] comment = Home Directories valid users = %S read only = No browseable = No and on the BDC: [global] workgroup = SEAMANPAPER server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 137 138 139 445 name resolve order = wins bcast hosts load printers = No printcap name = /dev/null disable spoolss = Yes rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1 logon path logon home domain logons = Yes os level = 65 domain master = No dns proxy = No wins proxy = Yes wins server = 192.168.10.127 ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=intranet,dc=seamanpaper,dc=com ldap ssl = no ldap user suffix = ou=People panic action = /usr/share/samba/panic-action %d idmap config * : range = 1000000-1999999 idmap config * : backend = ldap printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [profiles] comment = Windows Profiles path = /home/samba/profiles read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes browseable = No csc policy = disable [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes [homes] comment = Home Directories valid users = %S read only = No browseable = No Also notice that my account (which has a roaming profile and works fine at all sites) has a "sambaProfilePath" attribute and the boris and rpoole accounts don't. This should make them no-roaming-profile accounts but it doesn't work consistently. It works at the two satellite sites but not at my main site. root at grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com "(uid=*jeff*)" | grep Path Enter LDAP Password: sambaHomePath: \\wilkins1\home *sambaProfilePath: \\wilkins1\home\.winProfile* root at grackle:~# root at grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com "(uid=*boris*)" | grep Path Enter LDAP Password: sambaHomePath: \\wilkins1\home root at grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com "(uid=*rpoole*)" | grep Path Enter LDAP Password: sambaHomePath: \\wilkins1\home -- * Jeff Dickens* IT Manager 978-632-1513
Jeff Dickens
2012-Oct-08 20:49 UTC
[Samba] temporary profiles problem - don't want roaming profiles
Here I am replying to my own post, but I hope this information will be useful. The following events appeared in the log when a Windows 7 workstation tries to log into the "boris" domain account at the main site: *First the login events: *Keywords Date and Time Source Event ID Task Category Audit Success 10/8/2012 4:27:42 PM Microsoft-Windows-Security-Auditing 4648 Logon "A logon was attempted using explicit credentials. Subject: Security ID: SYSTEM Account Name: WCOMPRM3$ Account Domain: SEAMANPAPER Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: boris Account Domain: SEAMANPAPER Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x28a0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account?s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command." Audit Success 10/8/2012 4:27:42 PM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: WCOMPRM3$ Account Domain: SEAMANPAPER Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: SEAMANPAPER\Domain Users Account Name: boris Account Domain: SEAMANPAPER Logon ID: 0x121d2a1f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28a0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WCOMPRM3 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." *Then some profile events: * Does this tell you anything about what my problem might be ? I don't see where it says the name of the location where it's trying to find the non-existant roaming profile. Level Date and Time Source Event ID Task Category Warning 10/8/2012 4:27:22 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3331739098-3736223119-3628203672-500: Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500 Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500 Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500 Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500 Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\SmartCardRoot Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\Disallowed Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Policies\Microsoft\SystemCertificates Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Policies\Microsoft\SystemCertificates Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Policies\Microsoft\SystemCertificates Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Policies\Microsoft\SystemCertificates Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\My Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\CA Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\trust Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\TrustedPeople Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\Root " Error 10/8/2012 4:27:43 PM Microsoft-Windows-User Profiles Service 1511 None Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error 10/8/2012 4:27:43 PM Microsoft-Windows-User Profiles Service 1521 None "Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights. DETAIL - The network name cannot be found. " Warning 10/8/2012 4:28:17 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-947950628-2177205791-3689072656-513: Process 10400 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-947950628-2177205791-3689072656-513 " On Fri, Oct 5, 2012 at 5:42 PM, Jeff Dickens <jeff at seamanpaper.com> wrote:> I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two > remote sites, I have some Samba BDCs. > > For now I've manually entered the DCs as WINS servers on the workstations > I'm using for testing. At the remote sites, I can log in with an account > that has no logon path or logon home specified, and it works perfectly. > But at the main site, when I try to log on to one of these accounts I get > first get the "can't find the server copy of the roaming profile" and then > "can't find the local profile logging you in with a temporary profile" > errors. I can't figure this one out. I'm using the same account, and the > samba setups are nearly identical - just one is a BDC and one a PDC. > > This is smb.conf on the PDC: > > [global] > workgroup = SEAMANPAPER > server string = %h server (Samba, Ubuntu) > map to guest = Bad User > obey pam restrictions = Yes > passdb backend = ldapsam:ldap://localhost > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > smb ports = 137 138 139 445 > name resolve order = wins bcast hosts > load printers = No > printcap name = /dev/null > disable spoolss = Yes > rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' > delete user script = /usr/sbin/smbldap-userdel '%u' > add group script = /usr/sbin/smbldap-groupadd -p '%g' > delete group script = /usr/sbin/smbldap-groupdel '%g' > add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' > delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' > '%g' > set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' > add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1 > logon path > logon home > domain logons = Yes > os level = 65 > domain master = Yes > dns proxy = No > wins support = Yes > ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com > ldap group suffix = ou=Groups > ldap idmap suffix = ou=Idmap > ldap machine suffix = ou=Computers > ldap passwd sync = yes > ldap suffix = dc=intranet,dc=seamanpaper,dc=com > ldap ssl = no > ldap user suffix = ou=People > panic action = /usr/share/samba/panic-action %d > idmap config * : range = 1000000-1999999 > idmap config * : backend = ldap > printing = bsd > print command = lpr -r -P'%p' %s > lpq command = lpq -P'%p' > lprm command = lprm -P'%p' %j > > [profiles] > comment = Windows Profiles > path = /home/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > store dos attributes = Yes > browseable = No > csc policy = disable > > [netlogon] > comment = Network Logon Service > path = /home/samba/netlogon > guest ok = Yes > > [homes] > comment = Home Directories > valid users = %S > read only = No > browseable = No > > and on the BDC: > > > [global] > workgroup = SEAMANPAPER > server string = %h server (Samba, Ubuntu) > map to guest = Bad User > obey pam restrictions = Yes > passdb backend = ldapsam:ldap://localhost > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > smb ports = 137 138 139 445 > name resolve order = wins bcast hosts > load printers = No > printcap name = /dev/null > disable spoolss = Yes > rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' > delete user script = /usr/sbin/smbldap-userdel '%u' > add group script = /usr/sbin/smbldap-groupadd -p '%g' > delete group script = /usr/sbin/smbldap-groupdel '%g' > add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' > delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' > '%g' > set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' > add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1 > logon path > logon home > domain logons = Yes > os level = 65 > domain master = No > dns proxy = No > wins proxy = Yes > wins server = 192.168.10.127 > ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com > ldap group suffix = ou=Groups > ldap idmap suffix = ou=Idmap > ldap machine suffix = ou=Computers > ldap passwd sync = yes > ldap suffix = dc=intranet,dc=seamanpaper,dc=com > ldap ssl = no > ldap user suffix = ou=People > panic action = /usr/share/samba/panic-action %d > idmap config * : range = 1000000-1999999 > idmap config * : backend = ldap > printing = bsd > print command = lpr -r -P'%p' %s > lpq command = lpq -P'%p' > lprm command = lprm -P'%p' %j > > [profiles] > comment = Windows Profiles > path = /home/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > store dos attributes = Yes > browseable = No > csc policy = disable > > [netlogon] > comment = Network Logon Service > path = /home/samba/netlogon > guest ok = Yes > > [homes] > comment = Home Directories > valid users = %S > read only = No > browseable = No > > > Also notice that my account (which has a roaming profile and works fine at > all sites) has a "sambaProfilePath" attribute and the boris and rpoole > accounts don't. This should make them no-roaming-profile accounts but it > doesn't work consistently. It works at the two satellite sites but not at > my main site. > > root at grackle:~# ldapsearch -W -D > cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap:// > grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com > "(uid=*jeff*)" | grep Path > Enter LDAP Password: > sambaHomePath: \\wilkins1\home > *sambaProfilePath: \\wilkins1\home\.winProfile* > root at grackle:~# > > root at grackle:~# ldapsearch -W -D > cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap:// > grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com > "(uid=*boris*)" | grep Path > Enter LDAP Password: > sambaHomePath: \\wilkins1\home > > root at grackle:~# ldapsearch -W -D > cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap:// > grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com > "(uid=*rpoole*)" | grep Path > Enter LDAP Password: > sambaHomePath: \\wilkins1\home > > > > -- > * Jeff Dickens* > IT Manager 978-632-1513 > > >-- * Jeff Dickens* IT Manager 978-632-1513
Jeff Dickens
2012-Oct-17 18:40 UTC
[Samba] temporary profiles problem - don't want roaming profiles
Apparently my problem is a bad combination of mystifying and uninteresting :-) since I've not had a reply. Can anyone maybe suggest how to debug this? How can I find out what name it's looking for when it gets "The network name cannot be found" ? Is it true that I should be able to have a Samba-3 Domain without roaming profiles by just specifying logon path logon home in smb.conf and not providing any *sambaProfilePath* attribute in LDAP ? On Fri, Oct 5, 2012 at 5:42 PM, Jeff Dickens <jeff at seamanpaper.com> wrote:> I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two > remote sites, I have some Samba BDCs. > > For now I've manually entered the DCs as WINS servers on the workstations > I'm using for testing. At the remote sites, I can log in with an account > that has no logon path or logon home specified, and it works perfectly. > But at the main site, when I try to log on to one of these accounts I get > first get the "can't find the server copy of the roaming profile" and then > "can't find the local profile logging you in with a temporary profile" > errors. I can't figure this one out. I'm using the same account, and the > samba setups are nearly identical - just one is a BDC and one a PDC. > > This is smb.conf on the PDC: > > [global] > workgroup = SEAMANPAPER > server string = %h server (Samba, Ubuntu) > map to guest = Bad User > obey pam restrictions = Yes > passdb backend = ldapsam:ldap://localhost > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > smb ports = 137 138 139 445 > name resolve order = wins bcast hosts > load printers = No > printcap name = /dev/null > disable spoolss = Yes > rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' > delete user script = /usr/sbin/smbldap-userdel '%u' > add group script = /usr/sbin/smbldap-groupadd -p '%g' > delete group script = /usr/sbin/smbldap-groupdel '%g' > add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' > delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' > '%g' > set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' > add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1 > logon path > logon home > domain logons = Yes > os level = 65 > domain master = Yes > dns proxy = No > wins support = Yes > ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com > ldap group suffix = ou=Groups > ldap idmap suffix = ou=Idmap > ldap machine suffix = ou=Computers > ldap passwd sync = yes > ldap suffix = dc=intranet,dc=seamanpaper,dc=com > ldap ssl = no > ldap user suffix = ou=People > panic action = /usr/share/samba/panic-action %d > idmap config * : range = 1000000-1999999 > idmap config * : backend = ldap > printing = bsd > print command = lpr -r -P'%p' %s > lpq command = lpq -P'%p' > lprm command = lprm -P'%p' %j > > [profiles] > comment = Windows Profiles > path = /home/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > store dos attributes = Yes > browseable = No > csc policy = disable > > [netlogon] > comment = Network Logon Service > path = /home/samba/netlogon > guest ok = Yes > > [homes] > comment = Home Directories > valid users = %S > read only = No > browseable = No > > and on the BDC: > > > [global] > workgroup = SEAMANPAPER > server string = %h server (Samba, Ubuntu) > map to guest = Bad User > obey pam restrictions = Yes > passdb backend = ldapsam:ldap://localhost > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > smb ports = 137 138 139 445 > name resolve order = wins bcast hosts > load printers = No > printcap name = /dev/null > disable spoolss = Yes > rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' > delete user script = /usr/sbin/smbldap-userdel '%u' > add group script = /usr/sbin/smbldap-groupadd -p '%g' > delete group script = /usr/sbin/smbldap-groupdel '%g' > add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' > delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' > '%g' > set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' > add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1 > logon path > logon home > domain logons = Yes > os level = 65 > domain master = No > dns proxy = No > wins proxy = Yes > wins server = 192.168.10.127 > ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com > ldap group suffix = ou=Groups > ldap idmap suffix = ou=Idmap > ldap machine suffix = ou=Computers > ldap passwd sync = yes > ldap suffix = dc=intranet,dc=seamanpaper,dc=com > ldap ssl = no > ldap user suffix = ou=People > panic action = /usr/share/samba/panic-action %d > idmap config * : range = 1000000-1999999 > idmap config * : backend = ldap > printing = bsd > print command = lpr -r -P'%p' %s > lpq command = lpq -P'%p' > lprm command = lprm -P'%p' %j > > [profiles] > comment = Windows Profiles > path = /home/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > store dos attributes = Yes > browseable = No > csc policy = disable > > [netlogon] > comment = Network Logon Service > path = /home/samba/netlogon > guest ok = Yes > > [homes] > comment = Home Directories > valid users = %S > read only = No > browseable = No > > > Also notice that my account (which has a roaming profile and works fine at > all sites) has a "sambaProfilePath" attribute and the boris and rpoole > accounts don't. This should make them no-roaming-profile accounts but it > doesn't work consistently. It works at the two satellite sites but not at > my main site. > > root at grackle:~# ldapsearch -W -D > cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap:// > grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com > "(uid=*jeff*)" | grep Path > Enter LDAP Password: > sambaHomePath: \\wilkins1\home > *sambaProfilePath: \\wilkins1\home\.winProfile* > root at grackle:~# > > root at grackle:~# ldapsearch -W -D > cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap:// > grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com > "(uid=*boris*)" | grep Path > Enter LDAP Password: > sambaHomePath: \\wilkins1\home > > root at grackle:~# ldapsearch -W -D > cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap:// > grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com > "(uid=*rpoole*)" | grep Path > Enter LDAP Password: > sambaHomePath: \\wilkins1\home > > > > -- > * Jeff Dickens* > IT Manager 978-632-1513 > > >-- * Jeff Dickens* IT Manager 978-632-1513
Reasonably Related Threads
- Disabling Roaming Profile Support
- Cannot chown file to active directory user/group on member server
- wbinfo -i -> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
- getting started with GPOs
- Cannot chown file to active directory user/group on member server