sh test
2006-Apr-08  03:36 UTC
[Samba] Roaming profiles cannot be used fully unless a member of "Domain Admins"
Hello!
This is my setup
Using 3.0.14a-3sarge on Deb.
This is my smb.conf file
----------------------------------------
# Global parameters
[global]
        workgroup = MYWORKGROUP
        server string = Samba Server
        obey pam restrictions = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        #turn this on for logging purposes
        #log level = 4
        log file = /var/log/samba/%m.log
        max log size = 0
        time server =  Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/sbin/useradd -m %u
        delete user script = /usr/sbin/userdel -r %u
        add group script = /usr/sbin/groupadd %g
        delete group script = /usr/sbin/groupdel %g
        add user to group script = /usr/sbin/usermod -G %g %u
        add machine script = /usr/sbin/useradd -s /bin/false \
-d /dev/null %u
        logon path = \\%L\profiles\%u
        logon drive = H:
        domain logons = Yes
        os level =  65
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        hosts allow = 192.168.
        ;--000000000000000000000000000000000000000
        ;--keep this options disabled
        ;--since they generate a lot of disk space
        ;--000000000000000000000000000000000000000
        ;recyclebin options
        #recycle:exclude = *.tmp *.temp *.o *.obj ~$*
        #recycle:keeptree = True
        #recycle:touch =  True
        #recycle:versions = True
        #recycle:noversions = .doc|.xls|.ppt
        #recycle:repository = %u's_network_Recycle_Bin
        #recycle:maxsize = 10000000
        create mask = 0777
        directory mask = 0777
        #vfs objects = recycle
[homes]
        comment = Home Directories
        read onfiltered= No
        create mask = 0664
        directory mask = 0775
        invalid users = mp3
[Shared]
        comment = Miscellaneous Shared  Files
        read onfiltered= No
        create mask = 0664
        directory mask = 0775
        path = /home/samba/Shared
        invalid users = mp3
[tmp]
        comment = Temporary Share
        path = /tmp
        read onfiltered= No
        invalid users = mp3
[mp3s]
        comment = Mp3 files
        path = /export/mp3s
[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        browseable =  No
[profiles]
        path = /home/samba/samba-ntprof
        read onfiltered= No
        create mask = 0600
        directory mask = 0700
        browseable = No
        invalid users = mp3
[backup]
        comment = backup files
        path = /export/backup
        read onfiltered= No
        create mask = 0600
        directory mask = 0700
        valid users = john
        invalid users = mp3
------------------------------------------------------
net groupmap list  shows
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-2890933770-3660815257-1026551046-514) -> -1
Domain Admins (S-1-5-21-2890933770-3660815257-1026551046-512) -> domainadmins
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-2890933770-3660815257-1026551046-513) -> users
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
/etc/group contains
domainadmins:x:112:john
users:x:100:jeremy,todd,matt
---------------------------------------------
Issue is: All besides john, who's a member of "Domain Admins" can login
just fine.  However, the roaming profile seems not to be writeable to it, since
any changes, say a bookmark on Firefox would not be saved during next login.
Also, if one were to hit Start button, there'd be no "history" of previously
run programs that displays generally.
My Start->Run history also is not there
Please advise on what I'm doing wrong/missing.
Appreciate the assistance in advance
-albunix
		
Craig White
2006-Apr-08  05:01 UTC
[Samba] Roaming profiles cannot be used fully unless a member of "Domain Admins"
On Fri, 2006-04-07 at 20:36 -0700, sh test wrote:
> Issue is: All besides john, who's a member of "Domain Admins" can login
> just fine. However, the roaming profile seems not to be writeable to it, since
> any changes, say a bookmark on Firefox would not be saved during next login.
>
> Also, if one were to hit Start button, there'd be no "history" of previously
> run programs that displays generally.
>
> My Start->Run history also is not there
>
> Please advise on what I'm doing wrong/missing.
>
> Appreciate the assistance in advance
----
try adding....

[profiles]
> path = /home/samba/samba-ntprof
> read onfiltered= No
> create mask = 0600
> directory mask = 0700
> browseable = No
> invalid users = mp3
profile acls = yes
csc policy = disable

also - check permissions on directory...

ls -ld /home/samba/samba-ntprof

s/b something like

rwxrwxr_x root users

chmod 775 /home/samba/samba-ntprof
chown root:users /home/samba/samba-ntprof

and I am assuming that all 'users' are added to the 'users' group

Craig
sh test
2006-Apr-09  04:20 UTC
[Samba] Roaming profiles cannot be used fully unless a member of "Domain Admins"
Craig!

Thanks all for your help so far.

I went ahead and tried some crazy workarounds which were successful on my end.

The procedure is as follows

1) it totally does /not/ matter if the users are members of the "Domain Users" group at all
2) I added a real user, call it 'test', then added it as a samba user
3) Logged in as XP Admin and copied one of my problematic user's profile as the 'test' user's profile
4) blew away the problematic user's profile from the /home/samba/samba-netprof directory
5) logged in as the 'test' samba user to make sure all my settings, including start-->run history and 100% everything else was there... and it was :)
6) logged off, and
   a) cd /home/samba/samba-netprof
   b) mv 'test' 'matt' <<---one of my problematic users
   c) usermod -u NEWUID matt
   d) chown -R matt. matt (note that there's a dot . after the first matt)
7) logged as XP admin again and blew away matt's profile
8) logged in as matt and voila...all was there :)
9) blew away matt's profile onto every other XP box that was joined onto the domain

Hope this will help anyone with a weird ass problem like mine

This was originated from my actually migrating off a Redhat-->Debian and did not come to play until I formatted my XP desktops

-albunix

sh test <shmailtest@yahoo.com> wrote:
Craig,

Yup. sid shows as S-1-5-21-2890933770-3660815257-1026551046
and Start => System => Advanced => User Profiles shows the users as Roaming

Craig White <craigwhite@azapple.com> wrote:
Are their machines joined to the domain?

What is output of 'net getlocalsid' ?

is it S-1-5-21-2890933770-3660815257-1026551046 ?

if you check on the Windows system where roaming profiles aren't working...

Start => System => Advanced => User Profiles => do they show as roaming?

Craig

On Sat, 2006-04-08 at 08:08 -0700, sh test wrote:
> Craig!
>
> Thanks for the reply.
>
> I added
>
> profile acls = yes
> csc policy = disable
>
> also, my
>
> drwxrwxrwt 4 root users 4096 Apr 7 21:48 /home/samba/samba-ntprof/
>
> and all the users are in the users' group
>
> users:x:100:jeremy,todd,matt
>
> Restarted samba after the above change and still no-go
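
The workaround in the last message ends with usermod -u followed by chown -R, which points at profile directories owned by a UID that no longer matches the account. The script below is an added example, not code from the thread: it reports such directories under a profile root. It assumes one directory per account named after the user (as "logon path = \\%L\profiles\%u" produces); audit_profiles is a hypothetical helper name, not a Samba tool.

```shell
#!/bin/sh
# Added example (not from the thread): report roaming-profile directories
# whose on-disk owner no longer matches the account they are named after.
# Assumption: one directory per account under the profile root, named %u.
# audit_profiles is a hypothetical helper name, not a Samba tool.

audit_profiles() {
    root=$1
    bad=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        name=${dir##*/}
        # Numeric owner recorded on disk for the profile directory.
        owner_uid=$(ls -ldn "$dir" | awk '{print $3}')
        # UID the account resolves to today; empty if it does not exist.
        acct_uid=$(id -u "$name" 2>/dev/null) || acct_uid=
        if [ -z "$acct_uid" ]; then
            echo "NOACCOUNT $name owner_uid=$owner_uid"
            bad=1
            continue
        fi
        if [ "$owner_uid" != "$acct_uid" ]; then
            echo "MISMATCH $name owner_uid=$owner_uid account_uid=$acct_uid"
            bad=1
        fi
        # Files left under another UID inside the tree (what chown -R repairs).
        strays=$(find "$dir" ! -user "$acct_uid" | wc -l | tr -d ' ')
        if [ "$strays" -gt 0 ]; then
            echo "STRAYS $name count=$strays"
            bad=1
        fi
    done
    return "$bad"
}

# With no argument, run against a constructed sample tree.
if [ $# -eq 0 ]; then
    demo=$(mktemp -d)
    mkdir "$demo/no_such_account_zz9"
    audit_profiles "$demo" || true
    rm -rf "$demo"
else
    audit_profiles "$1"
fi
```

Pass the path of the [profiles] share as the only argument; a non-zero exit status means at least one directory needs its ownership checked.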