I tried to build a setup to model and hence learn how to configure samba
servers for the setup that I described below.
However, a user login in which the profile is defined to be on a samba
server that is not the PDC never gets a roaming profile -- instead the user
always gets a temporary profile. Looking at the Windows logs, it is
complaining about a permissions issue. However, once logged in (with the
temporary profile), that user can create and modify files in the profile
directory. I have turned logging level to 3, but I don't see anything
useful.
The PDC is running SAMBA 3.5.11, while the other server (modeling the
fileserver in the proposed network) is running SAMBA 3.5.10.
The usernames exist in the /etc/passwd files on both machines (although I
think that I should not need this if I can get winbindd working properly).
Home directories for the users exist on both machines.
Some specifics:
1. smb.conf from the "fileserver" (Not the PDC, but the machine where the
profile directories are found):
[global]
workgroup = MATTHEWS
server string = Samba Server Version %v
netbios name = sambatest
log file = /var/log/samba/log.%m
max log size = 50
log level = 3
security = domain
passdb backend = tdbsam
password server = firewall
idmap backend = tdb
idmap uid = 9000-9999
idmap gid = 9000-9999
local master = no
load printers = yes
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[profiles]
comment = profiles
path = /export/profiles
browseable = yes
guest ok = yes
smb.conf from the PDC:
[global]
workgroup = MATTHEWS
netbios aliases = SERVER, firewall, newfirewall
server string = Samba Server %v
interfaces = 192.168.89.1, 127.0.0.1, 192.168.89.2, 192.168.89.6, 10.9.0.1
bind interfaces only = Yes
security = user
log file = /var/log/samba3/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
os level = 90
preferred master = Yes
domain master = Yes
domain logons = yes
dns proxy = No
wins server = 192.168.89.1
wins support = Yes
admin users = root, simon, @wheel
hosts allow = 192.168.0.0/255.255.0.0, 10.8.0.0/24
hosts deny = 0.0.0.0/0
passdb backend = tdbsam
logon path = \\%N\profiles\%U
logon home = \\firewall\%U\winprofile
[profiles]
comment = profiles
path = /export/profiles
read only = No
[homes]
comment = Home Directories
path = /home/%u
read only = No
[allhomes]
comment = Home Directories
path = /home
guest ok = Yes
[print$]
path = /var/lib/samba/printers
guest ok = Yes
[CD]
path = /mnt/cdrom/
guest ok = Yes
[certs]
path = /home/certs
guest ok = Yes
[pub]
path = /home/pub
read only = No
guest ok = Yes
[HP]
comment = HP Printer
path = /tmp
guest ok = Yes
printable = Yes
print command = lpr -P HP -oraw -r -l %s
lpq command = lpq -P'HP'
lprm command = lprm -P'HP' %j
use client driver = Yes
[Laser]
path = /tmp
printable = Yes
pdb data for user that cannot get a profile:
pdbedit -v simontest
Unix username: simontest
NT username:
Account Flags: [U ]
User SID: S-1-5-21-812011073-3920078087-27638135-1004
Primary Group SID: S-1-5-21-812011073-3920078087-27638135-513
Full Name:
Home Directory: \\firewall\simontest\winprofile
HomeDir Drive:
Logon Script:
Profile Path: \\sambatest\profiles\simontest
Domain: MATTHEWS
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 07:06:39 PST
Kickoff time: Wed, 06 Feb 2036 07:06:39 PST
Password last set: Sat, 24 Mar 2012 15:09:20 PDT
Password can change: Sat, 24 Mar 2012 15:09:20 PDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Does anyone have any suggestions on what might be wrong? If it needs
entries from the log files, I can add these.
Simon
On Sat, Mar 24, 2012 at 12:09 PM, Simon Matthews <simon.d.matthews at
gmail.com> wrote:
> I currently have a server which is both the PDC for my domain and the file
> server for the network.
>
> I need to split these functions and move the PDC function to another box,
> while leaving the original server as the file server on which home
> directories and roaming profiles are stored. User credentials are stored in
> a tdbsam database and I am running Samba 3.5.
>
> Does anyone have any pointers on what to move and any potential pitfalls
> in the process? I have always used the same machine for both the PDC and
> file server, so this is somewhat unknown territory for me. I assume that
> the file server will still run samba, and I will change the "domain master
> = " and "domain logins = " to no in both cases. Also "security =" should be
> set to "security = domain" and set up a machine account on the file
> server which is then joined to the domain?
>
> What files need to be moved to the new samba server? I see that there are
> files in /var/cache/samba (it's a Gentoo system) which I assume also have
> to be put into the proper place on the new server. Is there anything else I
> need to look for?
>
> Many thanks for any suggestions.
>
> Simon
>
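
An added example, not part of the original post: a small Python check that reads the share definitions quoted in the message above and reports whether each share is effectively read-only (Samba's default when neither `read only` nor `writable` is set) and whether it allows guest access. The function names and the abridged sample strings are constructed for this illustration.

```python
import re

TRUE_VALUES = {"yes", "true", "1"}

# Abridged from the two smb.conf listings in the post (constructed sample input).
FILESERVER = """
[homes]
comment = Home Directories
browseable = no
writable = yes
[profiles]
comment = profiles
path = /export/profiles
browseable = yes
guest ok = yes
"""
PDC = """
[profiles]
comment = profiles
path = /export/profiles
read only = No
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, inner spaces collapsed."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def is_read_only(params):
    """'read only' defaults to yes; writable/writeable/write ok are its inverted synonyms."""
    read_only = True                              # assumes each parameter appears once
    for key, value in params.items():
        flag = value.lower() in TRUE_VALUES
        if key == "read only":
            read_only = flag
        elif key in ("writable", "writeable", "write ok"):
            read_only = not flag
    return read_only

def audit_share(conf_text, share):
    """List the findings for one share: 'read-only' and/or 'guest-access'."""
    params = parse_smb_conf(conf_text).get(share.lower(), {})
    findings = ["read-only"] if is_read_only(params) else []
    if params.get("guest ok", params.get("public", "no")).lower() in TRUE_VALUES:
        findings.append("guest-access")
    return findings
```
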