This weekend I upgraded SAMBA from 2.2.2 to 2.2.3a then made it the PDC on our LAN. Original PDC was an NT4 Server. There is a Win2K Server running Citrix Metaframe-XP, and the old NT4 PDC Server was replaced with another Win2K Server to be the Database Server. I didn't want to bother with setting Win2K up as a DNS and DFS/ADS Server (required for being a PDC), so selected to make SAMBA the PDC for simplicity, robustness, etc. - all the reasons why we love SAMBA! Read all HOW_TOs and perused the mailing list archives. Got both Win2K Servers to join Domain no problem. There are a few quirks I'd like to pass on: Domain Admins: Selecting 'Domain Admins' in any Win2K Folder Security for assignment returns an error 'Unable to lookup user names for display'. I have 'Administrator' mapped to 'ntadmin' (Linux user with group root privileges) and in smb.conf 'domain admin group = ntadmin gkelley'. Domain Users: The display for Domain Users in any Win2K Folder Security for assignment shows 5 garbage characters so the name is unreadable and returns the same message as Domain Admins. Win2K Profiles: The default profile type in Win2K is Roaming for each new user. If you set 'logon path = \\SRVR\profiles\U%' and set [profiles] where dir mask = 0700, you get an error when logging in the Win2K user and the Profile Folder is not created (if user does not have admin rights). If I manually create the user's profile folder and chmod 0770 and chgrp <user> <user> so that the user's group (themself) has access then they can Login to Win2K and not get the error. Profile files are saved in their Profile Folder (and on the Win2K Server), and a WINDOWS\system folder is created in their SAMBA Home Folder with several files. If I change the dir mask to 0770 in the [profiles] share and remove the user profile folder, then the profile folder is created correctly. If I change the Profile type on Win2K from Roaming to Local, then there are no files saved in their Profile Folder on SAMBA but is saved just on the Win2K Server and a WINDOWS\system folder is still created in their SAMBA Home Folder and contains several files. The Profile Folder is not created if it doesn't exist. This may be how Win2K intercts with SAMBA PDC, but the 0700 dir mask is wrong and a user's Profile Folder is created with user:root and group:<user> by default so 0700 would never allow the user access. If you remove 'logon path = ' and don't create a [profiles] share in smb.conf, you get the profiles saved in the user's Home Folder as a folder called 'profiles' if their profile type is Roaming. Rgds, ________________________ Greg Kelley, IT Director Londavia, Inc. and Britannic Aviation UK Pease Int'l Tradeport 68 New Hampshire Ave. Portsmouth, NH 03801 603.766.3005 http://www.londavia.com http://www.britannicaviation.com SSA, EAA, AOPA CFII SEL,MEL; Comm Glider N5506M @ KDAW
Hi Dont quote me on this but I was/am experiencing exactly the same things and these are some observations i have made. Hopefully somebody with more experience with samba may pick up on some of the following and correct me. 1. The cryptic chars in the Domain User Group is now fixed as of 2.2.4pre 2. The Domain User Group and Domain Admin Groups are now obsolete in the smb.conf (as of 2.2.1 I think) Do these settings still work? 3. I think If you use the %u macro the profile folder will be created with the correct user. 4. Be very careful when testing profiles and certainly keep a backup. I deleted all my files and folders in user test when i logged on as test using the following. Using Win2k I may add. domain admin group = test (I know - I didnt know it was obsolete either) logon path = \\%L\%U You might get away with logon path = \\%L\%u but frankly I have give up trying. Hope Some of that helps Its confused the hell out of me. David Mulcahy>This weekend I upgraded SAMBA from 2.2.2 to 2.2.3a then made it the PDC on >our LAN. Original PDC was an NT4 Server. There is a Win2K Server running >Citrix Metaframe-XP, and the old NT4 PDC Server was replaced with another >Win2K >Server to be the Database Server. I didn't want to bother with setting Win2K >up as a DNS and DFS/ADS Server (required for being a PDC), so selected to >make SAMBA the PDC for simplicity, robustness, etc. - all the reasons why we >love SAMBA! Read all HOW_TOs and perused the mailing list archives. Got both >Win2K Servers to join Domain no problem. > >There are a few quirks I'd like to pass on: > >Domain Admins: > >Selecting 'Domain Admins' in any Win2K Folder Security for assignment >returns an error 'Unable to lookup user names for display'. I have >'Administrator' mapped to 'ntadmin' (Linux user with group root privileges) >and in smb.conf 'domain admin group = ntadmin gkelley'. > >Domain Users: > >The display for Domain Users in any Win2K Folder Security for assignment >shows 5 garbage characters so the name is unreadable and returns the same >message as Domain Admins > >Win2K Profiles: > >The default profile type in Win2K is Roaming for each new user. If you set'>logon path = \\SRVR\profiles\U%' and set [profiles] where dir mask = 0700,>you get an error when logging in the Win2K user and the Profile Folder is >not created (if user does not have admin rights). If I manually create the >user's profile folder and chmod 0770 and chgrp <user> <user> so that the >user's group (themself) has access then they can Login to Win2K and not get >the error. Profile files are saved in their Profile Folder (and on the Win2K >Server), and a WINDOWS\system folder is created in their SAMBA Home >Folder with several files. If I change the dir mask to 0770 in the >[profiles] share and remove the user profile folder, then the profile folderi>s created correctly.>If I change the Profile type on Win2K from Roaming to Local, then there are >no files saved in their Profile Folder on SAMBA but is saved just on the >Win2K Server and a WINDOWS\system folder is still created in their >SAMBA Home Folder and contains several files. The Profile Folder is not >created if it doesn't exist. > >This may be how Win2K intercts with SAMBA PDC, but the 0700 dir mask is >wrong >and a user's Profile Folder is created with user:root and group:<user> by >default so 0700 would never allow the user access. > >If you remove 'logon path = ' and don't create a [profiles] share in >smb.conf, you get the profiles saved in the user's Home Folder as a folder >called 'profiles' if their profile type is Roaming. > >Rgds,-------------------------------------------------------