samba - Jun 2015 - user profil wipe in a samba 4 AD domain

Hi,

We have set up an Active Directory using samba4 (Zentyal), everything
seems to be all right tilll the point were user profile are wiped out.

We noticed when one of our linux uer tryed to connect to a windows
workstation. It was allow so it juste created the user on the windows
workstation. Few minutes later we realize that every domain account on
the windows box were wiped, and the linux account also wiped.

We could not find any reason for that, nor explanation in the log, I
may be missing something as I could not understand all the mechanisms
involved.


we use samba 4.0. and pbis 8.2 client on the linux boxes.


Thanks for your help


Joseph GUARAGNA

On 11/06/15 08:09, joseph-andre Guaragna wrote:
> Hi,
>
> We have set up an Active Directory using samba4 (Zentyal), everything
> seems to be all right tilll the point were user profile are wiped out.
What do you mean by 'user profile are wiped out' ?
Do you mean just one user is removed ?
Or something else ?

How is the 'wiping' being done ?
>
> We noticed when one of our linux uer tryed to connect to a windows
> workstation. It was allow so it juste created the user on the windows
> workstation. Few minutes later we realize that every domain account on
> the windows box were wiped, and the linux account also wiped.
So the user can login but all other domain accounts on the PC have gone, 
Do the domain Accounts still exist on the AD DC ?

>
> We could not find any reason for that, nor explanation in the log, I
> may be missing something as I could not understand all the mechanisms
> involved.
>
>
> we use samba 4.0. and pbis 8.2 client on the linux boxes.
>
Rowland
> Thanks for your help
>
>
> Joseph GUARAGNA

On 11/06/15 10:13, joseph-andre Guaragna wrote:
> 2015-06-11 11:03 GMT+02:00 Rowland Penny <rowlandpenny at
googlemail.com>:
>> On 11/06/15 08:09, joseph-andre Guaragna wrote:
>>> Hi,
>>>
>>> We have set up an Active Directory using samba4 (Zentyal),
everything
>>> seems to be all right tilll the point were user profile are wiped
out.
>>
>> What do you mean by 'user profile are wiped out' ?
> I mean all user data wiped
>> Do you mean just one user is removed ?
> all user from the workstation
>> Or something else ?
>>
>> How is the 'wiping' being done ?
> the user's folder still exist but there is no data, it is like is
> recreated the whole profile
>>> We noticed when one of our linux uer tryed to connect to a windows
>>> workstation. It was allow so it juste created the user on the
windows
>>> workstation. Few minutes later we realize that every domain account
on
>>> the windows box were wiped, and the linux account also wiped.
>>
>> So the user can login but all other domain accounts on the PC have
gone, Do
>> the domain Accounts still exist on the AD DC ?
> Yes the users still exists on the domain, and can still connect on any
> workstation they are supposed to.
>>
>>> We could not find any reason for that, nor explanation in the log,
I
>>> may be missing something as I could not understand all the
mechanisms
>>> involved.
>>>
>>>
>>> we use samba 4.0. and pbis 8.2 client on the linux boxes.
>>>
>> Rowland
>>
>>> Thanks for your help
>>>
>>>
>   Joseph GUARAGNA
Taking this back on list where it belongs.

I think I understand your problem now, but just a few questions to 
confirm what I am thinking.
Were your windows machines part of a domain before ?
If so, what type of domain ?
If there was a domain, what was the server ?

Rowland

On 11/06/15 11:28, joseph-andre Guaragna wrote:
> No they used to be in WORKGROUP.
>
> As we have an heterogeneous fleet 25 Linux and 7 windows 7. We decide
> to move a more centralised way of identifying our users.
>
> At first everything work then, we ran in the situation described below.
>
>
>
>
> Meilleures salutations / Best regards,
>
> Joseph-Andr? GUARAGNA
> ing?nieur Syst?me et R?seau / Network and System engineer
>
>
>
> RD MACHINES-OUTILS
>
> 77, all?e de l'Industrie  F-74130 CONTAMINE SUR ARVE
> Tel : +33 (0) 4 50 03 90 77    -   Fax :+33 (0) 4 50 03 66 79
> www.rdmo.com / www.rdmo-spare-parts.com
>
>
> 2015-06-11 11:59 GMT+02:00 Rowland Penny <rowlandpenny at
googlemail.com>:
>> On 11/06/15 10:13, joseph-andre Guaragna wrote:
>>> 2015-06-11 11:03 GMT+02:00 Rowland Penny <rowlandpenny at
googlemail.com>:
>>>> On 11/06/15 08:09, joseph-andre Guaragna wrote:
>>>>> Hi,
>>>>>
>>>>> We have set up an Active Directory using samba4 (Zentyal),
everything
>>>>> seems to be all right tilll the point were user profile are
wiped out.
>>>>
>>>> What do you mean by 'user profile are wiped out' ?
>>> I mean all user data wiped
>>>> Do you mean just one user is removed ?
>>> all user from the workstation
>>>> Or something else ?
>>>>
>>>> How is the 'wiping' being done ?
>>> the user's folder still exist but there is no data, it is like
is
>>> recreated the whole profile
>>>>> We noticed when one of our linux uer tryed to connect to a
windows
>>>>> workstation. It was allow so it juste created the user on
the windows
>>>>> workstation. Few minutes later we realize that every domain
account on
>>>>> the windows box were wiped, and the linux account also
wiped.
>>>>
>>>> So the user can login but all other domain accounts on the PC
have gone,
>>>> Do
>>>> the domain Accounts still exist on the AD DC ?
>>> Yes the users still exists on the domain, and can still connect on
any
>>> workstation they are supposed to.
>>>>
>>>>> We could not find any reason for that, nor explanation in
the log, I
>>>>> may be missing something as I could not understand all the
mechanisms
>>>>> involved.
>>>>>
>>>>>
>>>>> we use samba 4.0. and pbis 8.2 client on the linux boxes.
>>>>>
>>>> Rowland
>>>>
>>>>> Thanks for your help
>>>>>
>>>>>
>>>    Joseph GUARAGNA
>>
>> Taking this back on list where it belongs.
>>
>> I think I understand your problem now, but just a few questions to
confirm
>> what I am thinking.
>> Were your windows machines part of a domain before ?
>> If so, what type of domain ?
>> If there was a domain, what was the server ?
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
Will you please not send posts directly to me, please reply to the list.

OK, your answer confirms what I thought, your original profiles haven't 
gone away, they will still be there, but you cannot see them because 
they are 'local' profiles and you are now using 'domain'
profiles.

i.e. local user joe is NOT the same user as DOMAIN\joe

Rowland

OK for the local profiles. I got both of them one call joe and the
other domain.joe.
Saw it, no problem about that. I copied the data from local to domain one.

The thing is that after few days the domain.joe was emptied. The joe
did stay the same.

And I do not get why the domain.joe got blanked (all data gone)

Cheers for the help

Meilleures salutations / Best regards,

Joseph-Andr? GUARAGNA
ing?nieur Syst?me et R?seau / Network and System engineer



RD MACHINES-OUTILS

77, all?e de l'Industrie  F-74130 CONTAMINE SUR ARVE
Tel : +33 (0) 4 50 03 90 77    -   Fax :+33 (0) 4 50 03 66 79
www.rdmo.com / www.rdmo-spare-parts.com


2015-06-11 13:04 GMT+02:00 Rowland Penny <rowlandpenny at
googlemail.com>:
> On 11/06/15 11:28, joseph-andre Guaragna wrote:
>>
>> No they used to be in WORKGROUP.
>>
>> As we have an heterogeneous fleet 25 Linux and 7 windows 7. We decide
>> to move a more centralised way of identifying our users.
>>
>> At first everything work then, we ran in the situation described below.
>>
>>
>>
>>
>> Meilleures salutations / Best regards,
>>
>> Joseph-Andr? GUARAGNA
>> ing?nieur Syst?me et R?seau / Network and System engineer
>>
>>
>>
>> RD MACHINES-OUTILS
>>
>> 77, all?e de l'Industrie  F-74130 CONTAMINE SUR ARVE
>> Tel : +33 (0) 4 50 03 90 77    -   Fax :+33 (0) 4 50 03 66 79
>> www.rdmo.com / www.rdmo-spare-parts.com
>>
>>
>> 2015-06-11 11:59 GMT+02:00 Rowland Penny <rowlandpenny at
googlemail.com>:
>>>
>>> On 11/06/15 10:13, joseph-andre Guaragna wrote:
>>>>
>>>> 2015-06-11 11:03 GMT+02:00 Rowland Penny <rowlandpenny at
googlemail.com>:
>>>>>
>>>>> On 11/06/15 08:09, joseph-andre Guaragna wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> We have set up an Active Directory using samba4
(Zentyal), everything
>>>>>> seems to be all right tilll the point were user profile
are wiped out.
>>>>>
>>>>>
>>>>> What do you mean by 'user profile are wiped out' ?
>>>>
>>>> I mean all user data wiped
>>>>>
>>>>> Do you mean just one user is removed ?
>>>>
>>>> all user from the workstation
>>>>>
>>>>> Or something else ?
>>>>>
>>>>> How is the 'wiping' being done ?
>>>>
>>>> the user's folder still exist but there is no data, it is
like is
>>>> recreated the whole profile
>>>>>>
>>>>>> We noticed when one of our linux uer tryed to connect
to a windows
>>>>>> workstation. It was allow so it juste created the user
on the windows
>>>>>> workstation. Few minutes later we realize that every
domain account on
>>>>>> the windows box were wiped, and the linux account also
wiped.
>>>>>
>>>>>
>>>>> So the user can login but all other domain accounts on the
PC have
>>>>> gone,
>>>>> Do
>>>>> the domain Accounts still exist on the AD DC ?
>>>>
>>>> Yes the users still exists on the domain, and can still connect
on any
>>>> workstation they are supposed to.
>>>>>
>>>>>
>>>>>> We could not find any reason for that, nor explanation
in the log, I
>>>>>> may be missing something as I could not understand all
the mechanisms
>>>>>> involved.
>>>>>>
>>>>>>
>>>>>> we use samba 4.0. and pbis 8.2 client on the linux
boxes.
>>>>>>
>>>>> Rowland
>>>>>
>>>>>> Thanks for your help
>>>>>>
>>>>>>
>>>>    Joseph GUARAGNA
>>>
>>>
>>> Taking this back on list where it belongs.
>>>
>>> I think I understand your problem now, but just a few questions to
>>> confirm
>>> what I am thinking.
>>> Were your windows machines part of a domain before ?
>>> If so, what type of domain ?
>>> If there was a domain, what was the server ?
>>>
>>> Rowland
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
> Will you please not send posts directly to me, please reply to the list.
>
> OK, your answer confirms what I thought, your original profiles haven't
gone
> away, they will still be there, but you cannot see them because they are
> 'local' profiles and you are now using 'domain' profiles.
>
> i.e. local user joe is NOT the same user as DOMAIN\joe
>
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba