I am moving our Samba Server from Solaris to Linux on a new server. I
have the users moved the users home directories moved and showing up
correctly on the workstations. The Profiles are in the Users home directory.
Users profiles seem to be saving correctly and being read, however no
changes can be made to them.
The new server are Ubuntu AMD64 Linux with Samba 3.0.22 One of these is
the PDC. The legacy Servers are Solaris 8 running Samba 3.0.24. We are
using winbindd and local tdb files on the PDC for authentication. We
plan to migrate to LDAP latter. I have used SWAT to configure each server.
[globals]
logon path = \\PDC\%U\profile
logon drive = U:
logon home = \\PDC\%U
[profiles]
comment = Windows Roaming Profiles
path = /home/%U/profile
read only = No
create mask = 0664
force create mode = 0775
directory mask = 0775
force directory mode = 0774
store dos attributes = Yes
browseable = No
[homes]
path = /home/%U
read only = No
store dos attributes = Yes
--
*Robert Steinmetz, AIA*
Principal
*Steinmetz & Associates*
I'm assuming that you've not shown us your full smb.conf. This does make it tricky to figure out what you've got however. In general, I believe that you need to give the world full access to the profiles. Also, you haven't got a "profile acls = Yes" line in the part of your smb.conf you've shared with us. Despite not defaulting to Yes, this seems to be needed. Robert Steinmetz wrote:> I am moving our Samba Server from Solaris to Linux on a new server. I > have the users moved the users home directories moved and showing up > correctly on the workstations. The Profiles are in the Users home > directory. > > Users profiles seem to be saving correctly and being read, however no > changes can be made to them. > > The new server are Ubuntu AMD64 Linux with Samba 3.0.22 One of these > is the PDC. The legacy Servers are Solaris 8 running Samba 3.0.24. We > are using winbindd and local tdb files on the PDC for authentication. > We plan to migrate to LDAP latter. I have used SWAT to configure each > server. > > [globals] > logon path = \\PDC\%U\profile > logon drive = U: > logon home = \\PDC\%U > > [profiles] > comment = Windows Roaming Profiles > path = /home/%U/profile > read only = No > create mask = 0664 > force create mode = 0775 > directory mask = 0775 > force directory mode = 0774 > store dos attributes = Yes > browseable = No > [homes] > path = /home/%U > read only = No > store dos attributes = Yes > >
The permissions I believe the world needs are rwx. You only seem to be
giving them rx, and only r in the create mask. I'd try getting less
fancy and keep your profiles down to:
[profiles]
comment = Windows Roaming Profiles
path = /home/%U/profile
read only = No
store dos attributes = Yes
and even then I don't know about the last line. Mine just use a path
and read only = no. My profiles directory permissions are: drwxrwxrwt.
Robert Steinmetz wrote:> Gary Dale wrote:
>> I'm assuming that you've not shown us your full smb.conf. This
does
>> make it tricky to figure out what you've got however.
> Yes I only sent the parts that seem relevant to this problem. Here are
> the full globals and shares.
>
> [global]
> workgroup = DOMAIN
> server string = %h server (Samba, Ubuntu)
> obey pam restrictions = Yes
> password server = PDC 192.168.1.24 *
> passdb backend = tdbsam
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> time server = Yes
> hostname lookups = Yes
> logon path = \\PDC\%U\profile
> logon drive = U:
> logon home = \\PDC\%U
> domain logons = Yes
> os level = 33
> domain master = Yes
> wins proxy = Yes
> wins support = Yes
> ldap ssl = no
> panic action = /usr/share/samba/panic-action %d
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind nested groups = Yes
> admin users = root, administrator
> hosts allow = 192.168.1.0/255.255.255.0
> profile acls = Yes
>
> [printers]
> comment = All Printers
> path = /tmp
> create mask = 0700
> printable = Yes
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
>
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> guest ok = Yes
> browseable = No
>
> [profiles]
> comment = Windows Roaming Profiles
> path = /home/%U/profile
> read only = No
> create mask = 0664
> force create mode = 0775
> directory mask = 0775
> force directory mode = 0775
> store dos attributes = Yes
>
> [homes]
> path = /home/%U
> read only = No
> store dos attributes = Yes
>> In general, I believe that you need to give the world full access to
>> the profiles.
> Which settings are you referring to here? File permissions, acls etc.?
>> Also, you haven't got a "profile acls = Yes" line in the
part of your
>> smb.conf you've shared with us. Despite not defaulting to Yes, this
>> seems to be needed
> I didn't have that one set. I changed it, see above. Still no luck.
>