Hi,
I have a domain controller which was configured to use the local profiles. We
have a relatively small group whose work required it. Now we are moving toward
using the domain for all machines with roaming profiles. There are a lot of
posts dealing with the roaming profiles and the folder redirection. But I've
met some issues.
My configuration:
NS3 and SMB are hostnames of our servers.
PDC is located on NS3 and file server containing profiles and home shares on
SMB.
This is NS3 configuration:
# Global parameters
[global]
workgroup = CHAPPY-MS
netbios name = DS01
server string = Chappy Samba LDAP PDC Server
interfaces = 192.168.40.8/255.255.255.0
passdb backend = ldapsam:ldap://ds01/
enable privileges = Yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon path = \\smb\profiles\%U\%a
logon drive = H:
logon home = \\smb\homes
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=chappy,dc=com
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap,dc=chappy,dc=com
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = dc=chappy,dc=com
ldap user suffix = ou=people
panic action = /usr/share/samba/panic-action %d
idmap uid = 15000-20000
idmap gid = 15000-20000
printing = cups
print command
lpq command = %p
lprm command
[netlogon]
path = /var/lib/samba/netlogon
browseable = No
This is SMB configuration:
[global]
workgroup = CHAPPY-MS
server string = file server
interfaces = 192.168.40.43
map to guest = Bad User
passdb backend = ldapsam:ldap://ds01
syslog = 0
log file = /var/log/samba/log.%m
max log size = 2048
keepalive = 0
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
hostname lookups = Yes
load printers = No
dns proxy = No
wins server = 192.168.40.8
kernel oplocks = No
ldap admin dn = cn=admin,dc=chappy,dc=com
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap,dc=chappy,dc=com
ldap machine suffix = ou=computers
ldap suffix = dc=chappy,dc=com
ldap ssl = no
ldap user suffix = ou=people
panic action = /usr/share/samba/panic-action %d
[homes]
comment = Home Share
path = /san/export/home/%S
valid users = %S
write list = %S
force create mode = 0600
force directory mode = 0700
hide special files = Yes
browseable = No
[profiles]
comment = Profiles Share
path = /san/export/samba/profiles
read only = No
force create mode = 0664
force directory mode = 0775
profile acls = Yes
hide files = /Application Data/Cookies/Local\
Settings/NetHood/PrintHood/Recent/SendTo/NTUSER.DAT/
store dos attributes = Yes
browseable = No
csc policy = disable
Netlogon on NS3 has a Default User configuration redirecting Desktop, My
Documents, My Pictures, My Music, Personal to the appropriate directories on
%HOMEDRIVE%:
Desktop - %HOMEDRIVE%\Desktop
My Documents - %HOMEDRIVE%\My Documents
My Pictures - %HOMEDRIVE%\My Documents\My Pictures
etc..
The local group policy disables the offline files and the roaming profile
synchronization for Desktop, My Documents and Application Data. These settings
were based on Samba by Examples, ch.5 and 6.
During the first login the user grabs the configured profile from the netlogon
share and correctly sets up all files. But when the user logged off, they watched
a synchronizing window where it syncs the user's home directory.
At the same time the user can write/read home drive with no problems. The
popup message "offline files - working offline" is rather annoying.
Could anybody give me an idea what is wrong? Or maybe I should use
%LOGONPROFILE% variable instead of %HOMEDRIVE%?
If the synchronization window is normal for such configuration is there any
advantage of using the folder redirection with the roaming profile? Maybe it
is better to disable synchronization of some directories and train users to
keep their documents on home drive arguing that this is a safe place?
Yauheni Labko (Eugene Lobko)
Junior System Administrator
Chapdelaine & Co
(212)208-9150
The problem was resolved after rejoining the domain. It looks like the policy
was not updated though I rebooted the machine and did gpupdate.

Yauheni Labko (Eugene Lobko)
Junior System Administrator
Chapdelaine & Co.
(212)208-9150

On Monday 19 October 2009 01:42:09 pm Yauheni Labko wrote:
> Hi,
>
> I have a domain controller which was configured to use the local profiles.
> We have a relatively small group whose work required it. Now we are moving
> toward using the domain for all machine with roaming profile. There are a
> lot of posts dealing with the roaming profiles and the folder redirection.
> But I've met some issues.
>
> My configuration:
> NS3 and SMB are hostnames of our servers.
> PDC is located on NS3 and file server containing profiles and home shares
> on SMB.
>
> This is NS3 configuration:
> # Global parameters
> [global]
> workgroup = CHAPPY-MS
> netbios name = DS01
> server string = Chappy Samba LDAP PDC Server
> interfaces = 192.168.40.8/255.255.255.0
> passdb backend = ldapsam:ldap://ds01/
> enable privileges = Yes
> passwd program = /usr/sbin/smbldap-passwd -u "%u"
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> printcap name = cups
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
> "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> logon path = \\smb\profiles\%U\%a
> logon drive = H:
> logon home = \\smb\homes
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> ldap admin dn = cn=admin,dc=chappy,dc=com
> ldap delete dn = Yes
> ldap group suffix = ou=groups
> ldap idmap suffix = ou=idmap,dc=chappy,dc=com
> ldap machine suffix = ou=computers
> ldap passwd sync = Yes
> ldap suffix = dc=chappy,dc=com
> ldap user suffix = ou=people
> panic action = /usr/share/samba/panic-action %d
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> printing = cups
> print command
> lpq command = %p
> lprm command
>
> [netlogon]
> path = /var/lib/samba/netlogon
> browseable = No
>
>
> This is SMB configuration:
>
> [global]
> workgroup = CHAPPY-MS
> server string = file server
> interfaces = 192.168.40.43
> map to guest = Bad User
> passdb backend = ldapsam:ldap://ds01
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 2048
> keepalive = 0
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
> SO_RCVBUF=8192 SO_SNDBUF=8192
> hostname lookups = Yes
> load printers = No
> dns proxy = No
> wins server = 192.168.40.8
> kernel oplocks = No
> ldap admin dn = cn=admin,dc=chappy,dc=com
> ldap delete dn = Yes
> ldap group suffix = ou=groups
> ldap idmap suffix = ou=idmap,dc=chappy,dc=com
> ldap machine suffix = ou=computers
> ldap suffix = dc=chappy,dc=com
> ldap ssl = no
> ldap user suffix = ou=people
> panic action = /usr/share/samba/panic-action %d
>
> [homes]
> comment = Home Share
> path = /san/export/home/%S
> valid users = %S
> write list = %S
> force create mode = 0600
> force directory mode = 0700
> hide special files = Yes
> browseable = No
>
> [profiles]
> comment = Profiles Share
> path = /san/export/samba/profiles
> read only = No
> force create mode = 0664
> force directory mode = 0775
> profile acls = Yes
> hide files = /Application Data/Cookies/Local\
> Settings/NetHood/PrintHood/Recent/SendTo/NTUSER.DAT/
> store dos attributes = Yes
> browseable = No
> csc policy = disable
>
>
> Netlogon on NS3 has a Default User configuration redirecting Desktop, My
> Documents, My Pictures, My Music, Personal to the appropriate directories
> on %HOMEDRIVE%:
> Desktop - %HOMEDRIVE%\Desktop
> My Documents - %HOMEDRIVE%\My Documents
> My Pictures - %HOMEDRIVE%\My Documents\My Pictures
> etc..
>
> The local group policy disables the offline files and the roaming profile
> synchronization for Desktop, My Documents and Application Data. These
> settings were based on Samba by Examples, ch.5 and 6.
>
> During the first log in the user grabs the configured profile from
> netlogon share and correctly setup all files. But when user logged off it
> watched synchronizing window where it syncs the user home directory.
> At the same time the user can write/read home drive with no problems. The
> popup message "offline files - working offline" is rather annoying.
>
> Could anybody give me an idea what is wrong? Or maybe I should use
> %LOGONPROFILE% variable instead of %HOMEDRIVE%?
> If the synchronization window is normal for such configuration is there any
> advantage of using the folder redirection with the roaming profile? Maybe
> it is better to disable synchronization of some directories and train
> users to keep their documents on home drive arguing that this is a safe
> place?
>
> Yauheni Labko (Eugene Lobko)
> Junior System Administrator
> Chapdelaine & Co
> (212)208-9150
>