Charles Kozler
2011-Jun-17 16:17 UTC
[Samba] Samba 3.3.15 Ignoring "Logon Path" and "Logon Home" to Disable Roaming Profiles
Hi All, I have recently successfully configured Samba 3.3.15 and OpenLDAP as my offices PDC. I would like to disable the roaming profiles capability but it appears that no matter what I said, it is being ignored by Samba. First is my relevant snippet for the Logon Path and Logon Home being empty as described in the documentation. Then, following that, is my entire smb.conf -- please let me know if you see any reason as to why Samba would be ignoring the parameters and still attempting a roaming profile logon. I would like to edit this through Samba rather than making per-PC configuration changes as described in the other two points in the documentation. Thank you [12:39:25][root at dc:/var/lib/samba/profiles]$ smbd -V Version 3.3.15 [12:23:55][root at dc:/var/lib/samba/profiles]$ grep -i logon /etc/samba/smb.conf logon path #logon drive = H: logon home #logon script = %U.bat #logon script = logon.bat domain logons = Yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon * /etc/samba/smb.conf* # --------- smb.conf start --------- [global] workgroup = FIXFLYER netbios name = FIXFLYER passdb backend = ldapsam:ldap://127.0.0.1 printcap name = cups printing = cups security = user log level = 3 ldap ssl = off ldap admin dn = cn=Manager,dc=dc,dc=fixflyer,dc=com ldap suffix = dc=dc,dc=fixflyer,dc=com ldap user suffix = ou=People ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Hosts ldap delete dn = Yes add user script = /usr/sbin/smbldap-useradd -m "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" delete user script = /usr/sbin/smbldap-userdel "%u" delete group script = /usr/sbin/smbldap-groupdel "%g" logon path #logon drive = H: logon home #logon script = %U.bat #logon script = logon.bat domain logons = Yes os level = 35 preferred master = Yes domain master = Yes idmap uid = 15000-20000 idmap gid = 15000-20000 passwd program = /usr/bin/passwd '%u' unix password sync = yes passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX password*" %n\n "*updated successfully*" enable privileges = yes username map = /etc/samba/smbusers wins support = Yes [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon admin users = root guest ok = Yes browseable = No admin users = Administrator valid users = %U [Profiles] comment = Roaming Profile Share path = /var/lib/samba/profiles read only = No profile acls = Yes create mask = 0600 directory mask = 0700 # --------- smb.conf end --------- -- -- *ATTENTION*: Please note my new cell phone number Regards, Chuck Kozler Infrastructure & Systems Administrator --- Office: 1-646-290-6267 Mobile: 1-646-385-3684 FIX Flyer Notice to Recipient: This e-mail is meant only for the intended recipient(s) of the transmission, and contains confidential information which is proprietary to FIX Flyer LLC. Any unauthorized use, copying, distribution, or dissemination is strictly prohibited. All rights to this information is reserved by FIX Flyer LLC. If you are not the intended recipient, please contact the sender by reply e-mail and please delete this e-mail from your system and destroy any copies.
TAKAHASHI Motonobu
2011-Jun-20 17:29 UTC
[Samba] Samba 3.3.15 Ignoring "Logon Path" and "Logon Home" to Disable Roaming Profiles
From: Charles Kozler <charles at fixflyer.com> Date: Fri, 17 Jun 2011 12:17:51 -0400> I would like to disable the roaming profiles capability but it appears > that no matter what I said, it is being ignored by Samba. > > First is my relevant snippet for the Logon Path and Logon Home being > empty as described in the documentation. Then, following that, is my > entire smb.conf -- please let me know if you see any reason as to why > Samba would be ignoring the parameters and still attempting a roaming > profile logon.You have to remove these settings from users already created when you changed "logon hone" and "logon path" parameters to empty one. You can see current configuration of a user: pdbedit -v a-user --- TAKAHASHI Motonobu <monyo at samba.gr.jp> / @damemonyo http://damedame.monyo.com/ / http://facebook.com/monyot
Charles Kozler
2011-Jun-20 17:53 UTC
[Samba] Samba 3.3.15 Ignoring "Logon Path" and "Logon Home" to Disable Roaming Profiles
Thank you for your response. I had tried that already and it still did not work. I tried creating new users after setting the aforementioned configuration settings to Samba but it still did not work. Do I need to remove the LDAP user entry completely and not just the value? For instance, will a blank value for sambaProfilePath (or whatever ) inside LDAP still cause Windows to attempt a roaming profile load regardless of what Samba has in its configuration settings? -- *ATTENTION*: Please note my new cell phone number Regards, Chuck Kozler Infrastructure & Systems Administrator --- Office: 1-646-290-6267 Mobile: 1-646-385-3684 FIX Flyer Notice to Recipient: This e-mail is meant only for the intended recipient(s) of the transmission, and contains confidential information which is proprietary to FIX Flyer LLC. Any unauthorized use, copying, distribution, or dissemination is strictly prohibited. All rights to this information is reserved by FIX Flyer LLC. If you are not the intended recipient, please contact the sender by reply e-mail and please delete this e-mail from your system and destroy any copies. On 06/20/11 13:29, TAKAHASHI Motonobu wrote:> From: Charles Kozler<charles at fixflyer.com> > Date: Fri, 17 Jun 2011 12:17:51 -0400 > >> I would like to disable the roaming profiles capability but it appears >> that no matter what I said, it is being ignored by Samba. >> >> First is my relevant snippet for the Logon Path and Logon Home being >> empty as described in the documentation. Then, following that, is my >> entire smb.conf -- please let me know if you see any reason as to why >> Samba would be ignoring the parameters and still attempting a roaming >> profile logon. > You have to remove these settings from users already created when you > changed "logon hone" and "logon path" parameters to empty one. > > You can see current configuration of a user: > pdbedit -v a-user > > --- > TAKAHASHI Motonobu<monyo at samba.gr.jp> / @damemonyo > http://damedame.monyo.com/ / http://facebook.com/monyot
TAKAHASHI Motonobu
2011-Jun-22 16:38 UTC
[Samba] Samba 3.3.15 Ignoring "Logon Path" and "Logon Home" to Disable Roaming Profiles
From: Charles Kozler <charles at fixflyer.com> Date: Mon, 20 Jun 2011 13:53:40 -0400> I had tried that already and it still did not work. I tried creating > new users after setting the aforementioned configuration settings to > Samba but it still did not work.You are using smbldap-tools, so you have to unset userProfile in smbldap.conf. --- TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo http://damedame.monyo.com/ / http://facebook.com/monyot
Charles Kozler
2011-Jun-22 16:52 UTC
[Samba] Samba 3.3.15 Ignoring "Logon Path" and "Logon Home" to Disable Roaming Profiles
Did that as well. As I had previously noted, if there is an LDAP entry for a profile path specified, will Windows try to force load a roaming profile and Samba options ignored? -- *ATTENTION*: Please note my new cell phone number Regards, Chuck Kozler Infrastructure & Systems Administrator --- Office: 1-646-290-6267 Mobile: 1-646-385-3684 FIX Flyer Notice to Recipient: This e-mail is meant only for the intended recipient(s) of the transmission, and contains confidential information which is proprietary to FIX Flyer LLC. Any unauthorized use, copying, distribution, or dissemination is strictly prohibited. All rights to this information is reserved by FIX Flyer LLC. If you are not the intended recipient, please contact the sender by reply e-mail and please delete this e-mail from your system and destroy any copies. On 06/22/11 12:38, TAKAHASHI Motonobu wrote:> From: Charles Kozler<charles at fixflyer.com> > Date: Mon, 20 Jun 2011 13:53:40 -0400 > >> I had tried that already and it still did not work. I tried creating >> new users after setting the aforementioned configuration settings to >> Samba but it still did not work. > You are using smbldap-tools, so you have to unset userProfile in > smbldap.conf. > > --- > TAKAHASHI Motonobu<monyo at monyo.com> / @damemonyo > http://damedame.monyo.com/ / http://facebook.com/monyot
TAKAHASHI Motonobu
2011-Jun-22 17:15 UTC
[Samba] Samba 3.3.15 Ignoring "Logon Path" and "Logon Home" to Disable Roaming Profiles
From: Charles Kozler <charles at fixflyer.com> Date: Wed, 22 Jun 2011 12:52:35 -0400> As I had previously noted, if there is an LDAP entry for a profile path > specified, will Windows try to force load a roaming profile and Samba > options ignored?In modern passdb such as ldapsam and tdbsam (not smbpasswd), Samba parameters such as logon path, logon home are only defined as the default value. After an user is created and the default value is set, these parameters are ignored. --- TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo http://damedame.monyo.com/ / http://facebook.com/monyot