Rowland, 'getent group DomainUsers' indeed returns nothing. Now, I know, you know this like the "back of your hand" but, am I wrong, are the permissions for **profiles** somewhat (not alot) different from permissions for file shares? Because I see that instructions (on the wiki) for file sharing reads differently. Thanks, again. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-03-05 07:38, Rowland Penny wrote:> On 05/03/15 13:25, Bob of Donelson Trophy wrote: > >> I am setting up W7 profiles following the "Samba & Windows Profiles" on the Sambawiki. If it matters, I have two functional DC's and one member server. When I run '# chmod 1770 /srv/samba/profiles' (on the member server) the permissions changed to: root at mbr01:~# ls -alh /srv/samba/profiles total 12K drwxrwx--T+ 2 root root 4.0K Mar 1 10:21 . drwxr-xr-t 5 root root 4.0K Mar 1 10:21 .. The first line changed from 'drwxr-xr-t' to 'drwxrwx--T+' and the second did not change. Under "Profile share with using POSIX ACLs" it is indicated that we should change the '# chgrp ?Domain Users" /srv/samba/profiles' I am getting "chgrp: invalid group: `Domain Users' " When I run "wbinfo -g" there listed is "domain users". I have tried lower case "# chgrp ?domain users" /srv/samba/profiles" with the same result "chgrp: invalid group: `domain users' ". Suggestions? > > Hi Bob, 'wbinfo -g' does indeed show 'domain users' but this is not what is used when you try to use chgrp. What does 'getent group Domain Users' show ? > > If it doesn't return anything, then we need to find out why not > > RowlandLinks: ------ [1] http://www.donelsontrophy.com
On 05/03/15 17:22, Bob of Donelson Trophy wrote:> > > Rowland, > > 'getent group DomainUsers' indeed returns nothing. > > Now, I know, you know this like the "back of your hand" but, am I wrong, > are the permissions for **profiles** somewhat (not alot) different from > permissions for file shares? Because I see that instructions (on the > wiki) for file sharing reads differently. > > Thanks, again. > > --- > > ------------------------- > > Bob Wooden of Donelson Trophy > > 615.885.2846 (main) > www.donelsontrophy.com [1] > > "Everyone deserves an award!!" > > On 2015-03-05 07:38, Rowland Penny wrote: > >> On 05/03/15 13:25, Bob of Donelson Trophy wrote: >> >>> I am setting up W7 profiles following the "Samba & Windows Profiles" on the Sambawiki. If it matters, I have two functional DC's and one member server. When I run '# chmod 1770 /srv/samba/profiles' (on the member server) the permissions changed to: root at mbr01:~# ls -alh /srv/samba/profiles total 12K drwxrwx--T+ 2 root root 4.0K Mar 1 10:21 . drwxr-xr-t 5 root root 4.0K Mar 1 10:21 .. The first line changed from 'drwxr-xr-t' to 'drwxrwx--T+' and the second did not change. Under "Profile share with using POSIX ACLs" it is indicated that we should change the '# chgrp ?Domain Users" /srv/samba/profiles' I am getting "chgrp: invalid group: `Domain Users' " When I run "wbinfo -g" there listed is "domain users". I have tried lower case "# chgrp ?domain users" /srv/samba/profiles" with the same result "chgrp: invalid group: `domain users' ". Suggestions? >> Hi Bob, 'wbinfo -g' does indeed show 'domain users' but this is not what is used when you try to use chgrp. What does 'getent group Domain Users' show ? >> >> If it doesn't return anything, then we need to find out why not >> >> Rowland > > > Links: > ------ > [1] http://www.donelsontrophy.comOK, the problem here is that Unix has to know who 'Domain Users' is before it will/can change the group ownership of a directory. I take it that the passwd & group lines in /etc/nsswitch.conf have had 'winbind' added to them and if you run 'pam-auth-update' it shows winbind amongst the authentication methods. Does Domain Users have a gidNumber ? If not then modify the 'Domain Users' object in AD and add one. You have to get 'getent group Domain\ Users' to return the group info before you can go any further. Rowland
Okay, so I did this to myself. I overlooked an important sentence on the "https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles". The sentence that instructs to do "Profile share using Windows ACLs" ***OR*** "Profile share with using POSIX ACLs". So, I have reset the permissions to how they were before I messed them up doing the "POSIX ACLs" part. Went back through the W7 client and correctly set permissions (via Windows Explorer) as instructed on the wiki. I still cannot write profiles to the /home/samba/NTDOM/profiles directory. I think I am confused on the "Administrator" portion of the wiki page. In the text box, the top line discusses the "Administrator" permission settings. (Below "Administrator" lists "Domain Users" and "CREATOR OWNER".) In the graphic that appears just above the text box, the graphic illustrates setting permissions for the "\SAMDOMadmin . . ." so, am I setting for my DCAdministrator or the member server administrator? And then begs the question, am I looking for 'getent group Domain Users' on the DC or the member server? --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-03-05 11:49, Rowland Penny wrote:> On 05/03/15 17:22, Bob of Donelson Trophy wrote: > Rowland, 'getent group DomainUsers' indeed returns nothing. Now, I know, you know this like the "back of your hand" but, am I wrong, are the permissions for **profiles** somewhat (not alot) different from permissions for file shares? Because I see that instructions (on the wiki) for file sharing reads differently. Thanks, again. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] [1 [1]] "Everyone deserves an award!!" On 2015-03-05 07:38, Rowland Penny wrote: On 05/03/15 13:25, Bob of Donelson Trophy wrote: I am setting up W7 profiles following the "Samba & Windows Profiles" on the Sambawiki. If it matters, I have two functional DC's and one member server. When I run '# chmod 1770 /srv/samba/profiles' (on the member server) the permissions changed to: root at mbr01:~# ls -alh /srv/samba/profiles total 12K drwxrwx--T+ 2 root root 4.0K Mar 1 10:21 . drwxr-xr-t 5 root root 4.0K Mar 1 10:21 .. The first line changed from 'drwxr-xr-t' to 'drwxrwx--T+' and the second did not change. Under "Profile share with using POSIX ACLs" it is indicated that we should change the '# chgrp ?Domain Users" /srv/samba/profiles' I am getting "chgrp: invalid group: `Domain Users' " When I run "wbinfo -g" there listed is "domain users". I have tried lower case "# chgrp ?domain users" /srv/samba/profiles" with the same result "chgrp: invalid group: `domain users' ". Suggestions? Hi Bob, 'wbinfo -g' does indeed show 'domain users' but this is not what is used when you try to use chgrp. What does 'getent group Domain Users' show ? If it doesn't return anything, then we need to find out why not Rowland Links: ------ [1] http://www.donelsontrophy.com [1] OK, the problem here is that Unix has to know who 'Domain Users' is before it will/can change the group ownership of a directory. I take it that the passwd & group lines in /etc/nsswitch.conf have had 'winbind' added to them and if you run 'pam-auth-update' it shows winbind amongst the authentication methods. Does Domain Users have a gidNumber ? If not then modify the 'Domain Users' object in AD and add one. You have to get 'getent group Domain Users' to return the group info before you can go any further. Rowland Links: ------ [1] http://www.donelsontrophy.com