Well, it took forever (three days actually) to:
1) Set up a working LDAP server.
Unix users now authenticate against the LDAP server perfectly.
2) Set up Samba to use LDAP authentication.
3) Get the Windows XP machines to become members of the domain.
Everything seems to be working fine except for
1) roaming profiles, and
2) User's home directory (logon drive) doesn't get mapped during
log in.
So basically I can log in to the workstation. My user can even
see their home directory shares (via the [homes] share) but
it doesn't get mapped automatically as drive E: (or any other
drive letter) when they log on.
I can sort of live without roaming profiles but the failure to
map the logon drive automagically isn't acceptable.
Could somebody please help me??
I have the logon stuff set up as:
logon path = \\%L\profiles\%U
logon drive = E:
logon home = \\%L\%U
Which I think should map \\SERVER\USERNAME as drive E:
automatically whenever they log in (substituting the proper
values for SERVER and USERNAME of course).
It doesn't work. The profile doesn't seem to roam either as
I expect it would with logon path. The path exists and I have
enabled the thingy in gpedit.msc which is required for WinXP
machines. But this is really secondary. I need the logon drive
fixed; roaming profiles would just be a nice bonus.
Here's my full smb.conf. Sorry to be so verbose, but I wanted to
include it all because I don't understand much of the LDAP, PDC
or roaming profile entry stuff in this, so I didn't want to miss
something:
-----------------------------BEGIN /etc/samba/smb.conf-----------------------------------
[global]
netbios name = SERVER
workgroup = MYDOMAIN
server string = LDAP PDC [on Gentoo :: Samba server %v]
hosts allow = 10.166.10.0/24 127.0.0.0/8
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth1
bind interfaces only = yes
local master = yes
os level = 65
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
;logon script = login.bat OR %U.bat
logon path = \\%L\profiles\%U
logon drive = E:
logon home = \\%L\%U
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
time server = yes
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = ldapsam:ldaps://127.0.0.1:636/
ldap passwd sync = Yes
ldap suffix = dc=sanitized,dc=com
ldap admin dn = cn=Manager,dc=sanitized,dc=com
ldap ssl = yes
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=People
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
[netlogon]
path = /var/lib/samba/netlogon
guest ok = no
read only = yes
browseable = no
write list = root
[profiles]
path = /var/lib/samba/profiles
browsable = no
writable = yes
create mode = 0644
directory mode = 0755
[homes]
path = /home/%U
browseable = no
valid users = %S
read only = no
guest ok = no
create mask = 0664
directory mask = 0775
inherit permissions = yes
;[public]
; comment = Public Stuff
; path = /public
; public = yes
; read only = yes
; browseable = yes
; write list = @users
-----------------------------END /etc/samba/smb.conf-------------------------------------
Thanks,
- Jeff
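
Added example, not part of Jeff's post: a short Python check that parses an smb.conf excerpt, flags fragments that belong to no parameter (such as a script line split in two without a trailing backslash, which long lines pick up when pasted into mail), and expands %L and %U in the three logon settings. The sample text is constructed from the settings quoted in the post; the user name jeff and the use of "netbios name" as the value of %L are assumptions.

```python
import re

# Constructed sample from the post's settings; one script line is split in two.
SAMPLE = r'''
[global]
netbios name = SERVER
;logon script = login.bat
logon path = \\%L\profiles\%U
logon drive = E:
logon home = \\%L\%U
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
[homes]
path = /home/%U
'''

def parse_smb_conf(text):
    """Return ({section: {param: value}}, [(lineno, orphan_line)])."""
    sections, orphans, current, pending = {}, [], None, ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.endswith("\\"):              # explicit smb.conf continuation
            pending = line[:-1]
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # normalise case and inner spacing of the parameter name
            current[" ".join(key.lower().split())] = value.strip()
        else:                                # no "=", not a section header
            orphans.append((lineno, line))
    return sections, orphans

def expand_logon(sections, user):
    """Expand %L and %U in the logon settings for one (hypothetical) user."""
    g = sections["global"]
    subst = {"%L": g["netbios name"], "%U": user}   # assumption: %L = netbios name
    out = {}
    for param in ("logon home", "logon drive", "logon path"):
        value = g.get(param, "")
        for macro, repl in subst.items():
            value = value.replace(macro, repl)
        out[param] = value
    return out
```

Calling parse_smb_conf on the real file and printing the orphan list shows which lines need rejoining before the expanded logon values are worth comparing against what the client reports.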