Hi There,
Tried a Samba AD. Didn't work out. Please do not suggest. Thanks!
Here's what we have:
Ubuntu Linux 14.04.4 LTS
Samba 4.3.9-Ubuntu
Using OpenLDAP for authentication
Using nscd to speed things up
*Not* running winbind
*Not* running Kerberos
The problem is the company purchased a product that, *despite* the
vendor being told "We don't have a Windows network. There is no
AD,"
and them assuring us that would not be a problem, they're running into
deployment trouble.
I *think* having just NT4-style network authentication *may* address
the issues.
I successfully got my MS-Win 7 Pro lapttop to join the domain. And I
can actually do a domain login. But it takes a well over a minute to
complete and I always end-up with a temporary profile.
I can see \\Server\Profiles\username.V2 being created, but it never
gets any content.
Tried every hint and solution I could find. I'm wondering if the lack
of winbind might be the problem? I'm wondering if I can solve it with
sssd?
Any other thoughts?
Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
Ok try set the profiles folder on 777 And add : valid users = %u @"Domain Administrators" greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Jim Seymour > Verzonden: dinsdag 26 juli 2016 16:32 > Aan: samba at lists.samba.org > Onderwerp: [Samba] NT4-Style Auth & Roaming Profiles Only? > > Hi There, > > Tried a Samba AD. Didn't work out. Please do not suggest. Thanks! > > Here's what we have: > > Ubuntu Linux 14.04.4 LTS > Samba 4.3.9-Ubuntu > > Using OpenLDAP for authentication > Using nscd to speed things up > > *Not* running winbind > *Not* running Kerberos > > The problem is the company purchased a product that, *despite* the > vendor being told "We don't have a Windows network. There is no AD," > and them assuring us that would not be a problem, they're running into > deployment trouble. > > I *think* having just NT4-style network authentication *may* address > the issues. > > I successfully got my MS-Win 7 Pro lapttop to join the domain. And I > can actually do a domain login. But it takes a well over a minute to > complete and I always end-up with a temporary profile. > > I can see \\Server\Profiles\username.V2 being created, but it never > gets any content. > > Tried every hint and solution I could find. I'm wondering if the lack > of winbind might be the problem? I'm wondering if I can solve it with > sssd? > > Any other thoughts? > > Thanks, > Jim > -- > Note: My mail server employs *very* aggressive anti-spam > filtering. If you reply to this email and your email is > rejected, please accept my apologies and let me know via my > web form at <http://jimsun.LinxNet.com/contact/scform.php>. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 26/07/16 15:31, Jim Seymour wrote:> Hi There, > > Tried a Samba AD. Didn't work out. Please do not suggest. Thanks!Why didn't Samba AD work, what problems did you have, it might be easier to fix them.> > Here's what we have: > > Ubuntu Linux 14.04.4 LTS > Samba 4.3.9-Ubuntu > > Using OpenLDAP for authentication > Using nscd to speed things up > > *Not* running winbind > *Not* running Kerberos > > The problem is the company purchased a product that, *despite* the > vendor being told "We don't have a Windows network. There is no AD," > and them assuring us that would not be a problem, they're running into > deployment trouble.Have you tried just running winbindd ? you don't have to configure it. It might help if you could post your smb.conf file. Rowland> > I *think* having just NT4-style network authentication *may* address > the issues. > > I successfully got my MS-Win 7 Pro lapttop to join the domain. And I > can actually do a domain login. But it takes a well over a minute to > complete and I always end-up with a temporary profile. > > I can see \\Server\Profiles\username.V2 being created, but it never > gets any content. > > Tried every hint and solution I could find. I'm wondering if the lack > of winbind might be the problem? I'm wondering if I can solve it with > sssd? > > Any other thoughts? > > Thanks, > Jim
On Tue, 26 Jul 2016 17:06:58 +0200 L.P.H. van Belle <belle at bazuin.nl> wrote:> Ok try set the profiles folder on 777 > And add : > valid users = %u @"Domain Administrators"[snip] Thanks for the follow-up, Louis. The "Profiles" directory was already 1777. Made no difference. I even made one of the users' primary GID "Domain Users." No differance. Made the changes you suggested. No difference. Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.
On Tue, 26 Jul 2016 16:09:10 +0100 Rowland penny <rpenny at samba.org> wrote:> On 26/07/16 15:31, Jim Seymour wrote: > > Hi There, > > > > Tried a Samba AD. Didn't work out. Please do not suggest. > > Thanks! > > Why didn't Samba AD work, what problems did you have, it might be > easier to fix them.It's a long and ugly story, which I'm not going to recount. If you're really interested, I'm sure you can find the answer in the archives.>[snip]> > Have you tried just running winbindd ? you don't have to configure it.Can't run winbind and nscd. sssd does a better job of what nscd does than does winbind. Thus the sssd question.> > It might help if you could post your smb.conf file.[snip] Very well. I'll trim out the cruft and so so. Thanks, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.
On 07/26/2016 9:31 AM, Jim Seymour wrote:> Hi There, > > Tried a Samba AD. Didn't work out. Please do not suggest. Thanks! > > Here's what we have: > > Ubuntu Linux 14.04.4 LTS > Samba 4.3.9-Ubuntu > > Using OpenLDAP for authentication > Using nscd to speed things up > > *Not* running winbind > *Not* running Kerberos > > The problem is the company purchased a product that, *despite* the > vendor being told "We don't have a Windows network. There is no AD," > and them assuring us that would not be a problem, they're running into > deployment trouble. > > I *think* having just NT4-style network authentication *may* address > the issues. > > I successfully got my MS-Win 7 Pro lapttop to join the domain. And I > can actually do a domain login. But it takes a well over a minute to > complete and I always end-up with a temporary profile. > > I can see \\Server\Profiles\username.V2 being created, but it never > gets any content. > > Tried every hint and solution I could find. I'm wondering if the lack > of winbind might be the problem? I'm wondering if I can solve it with > sssd? > > Any other thoughts? > > Thanks, > JimJim, This may be your problem: Samba 4.3.9 Upgrading my NT4 domain from 4.2.x to 4.3.x and beyond broke it, and no combination of configuration parameters could put it back together again. I wish you better luck. Dale
On Tue, 26 Jul 2016 12:37:51 -0500 Dale Schroeder <dale at BriannasSaladDressing.com> wrote: [snip]> > Jim, > > This may be your problem: Samba 4.3.9 > > Upgrading my NT4 domain from 4.2.x to 4.3.x and beyond broke it, and > no combination of configuration parameters could put it back together > again. > > I wish you better luck.Yikes! Thanks for mentioning that, Dale. You may have just saved me a *lot* of wasted time. Current stable is 4.4.5. I hate to get this server out of the repository cycle, but... How far "forward" did you go? Maybe I'll get the last 4.2.x stable release, and 4.4.5, see if I can get working what I want on 4.2.x, then see if I can jump to 4.4.5. Thanks, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.