joseph-andre Guaragna
2015-Jun-11 13:12 UTC
[Samba] user profil wipe in a samba 4 AD domain
I look at your article, and it did not change my view about profile. As we did not use any roaming/mandatory profile, nor we have any redirection. the only roaming we have is dedicated to few users and we use NFS as they are under linux, and way more simpler to set up. Strangely we do not have problems with those profiles. Maybe I am in a situation were : "You can't see the wood for the trees" . Meilleures salutations / Best regards, Joseph-Andr? GUARAGNA ing?nieur Syst?me et R?seau / Network and System engineer RD MACHINES-OUTILS 77, all?e de l'Industrie F-74130 CONTAMINE SUR ARVE Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79 www.rdmo.com / www.rdmo-spare-parts.com 2015-06-11 14:40 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:> On 11/06/15 12:56, joseph-andre Guaragna wrote: >> >> OK for the local profiles. I got both of them one call joe and the >> other domain.joe. >> Saw it, no problem about that. I copied the data from local to domain one. >> >> The thing is that after few days the domain.joe was emptied. The joe >> did stay the same. >> >> And I do not get why the domain.joe got blanked (all data gone) >> >> Cheers for the help >> >> Meilleures salutations / Best regards, >> >> Joseph-Andr? GUARAGNA >> ing?nieur Syst?me et R?seau / Network and System engineer >> >> >> >> RD MACHINES-OUTILS >> >> 77, all?e de l'Industrie F-74130 CONTAMINE SUR ARVE >> Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79 >> www.rdmo.com / www.rdmo-spare-parts.com >> >> >> 2015-06-11 13:04 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: >>> >>> On 11/06/15 11:28, joseph-andre Guaragna wrote: >>>> >>>> No they used to be in WORKGROUP. >>>> >>>> As we have an heterogeneous fleet 25 Linux and 7 windows 7. We decide >>>> to move a more centralised way of identifying our users. >>>> >>>> At first everything work then, we ran in the situation described below. >>>> >>>> >>>> >>>> >>>> Meilleures salutations / Best regards, >>>> >>>> Joseph-Andr? GUARAGNA >>>> ing?nieur Syst?me et R?seau / Network and System engineer >>>> >>>> >>>> >>>> RD MACHINES-OUTILS >>>> >>>> 77, all?e de l'Industrie F-74130 CONTAMINE SUR ARVE >>>> Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79 >>>> www.rdmo.com / www.rdmo-spare-parts.com >>>> >>>> >>>> 2015-06-11 11:59 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: >>>>> >>>>> On 11/06/15 10:13, joseph-andre Guaragna wrote: >>>>>> >>>>>> 2015-06-11 11:03 GMT+02:00 Rowland Penny >>>>>> <rowlandpenny at googlemail.com>: >>>>>>> >>>>>>> On 11/06/15 08:09, joseph-andre Guaragna wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> We have set up an Active Directory using samba4 (Zentyal), >>>>>>>> everything >>>>>>>> seems to be all right tilll the point were user profile are wiped >>>>>>>> out. >>>>>>> >>>>>>> >>>>>>> What do you mean by 'user profile are wiped out' ? >>>>>> >>>>>> I mean all user data wiped >>>>>>> >>>>>>> Do you mean just one user is removed ? >>>>>> >>>>>> all user from the workstation >>>>>>> >>>>>>> Or something else ? >>>>>>> >>>>>>> How is the 'wiping' being done ? >>>>>> >>>>>> the user's folder still exist but there is no data, it is like is >>>>>> recreated the whole profile >>>>>>>> >>>>>>>> We noticed when one of our linux uer tryed to connect to a windows >>>>>>>> workstation. It was allow so it juste created the user on the >>>>>>>> windows >>>>>>>> workstation. Few minutes later we realize that every domain account >>>>>>>> on >>>>>>>> the windows box were wiped, and the linux account also wiped. >>>>>>> >>>>>>> >>>>>>> So the user can login but all other domain accounts on the PC have >>>>>>> gone, >>>>>>> Do >>>>>>> the domain Accounts still exist on the AD DC ? >>>>>> >>>>>> Yes the users still exists on the domain, and can still connect on any >>>>>> workstation they are supposed to. >>>>>>> >>>>>>> >>>>>>>> We could not find any reason for that, nor explanation in the log, I >>>>>>>> may be missing something as I could not understand all the >>>>>>>> mechanisms >>>>>>>> involved. >>>>>>>> >>>>>>>> >>>>>>>> we use samba 4.0. and pbis 8.2 client on the linux boxes. >>>>>>>> >>>>>>> Rowland >>>>>>> >>>>>>>> Thanks for your help >>>>>>>> >>>>>>>> >>>>>> Joseph GUARAGNA >>>>> >>>>> >>>>> Taking this back on list where it belongs. >>>>> >>>>> I think I understand your problem now, but just a few questions to >>>>> confirm >>>>> what I am thinking. >>>>> Were your windows machines part of a domain before ? >>>>> If so, what type of domain ? >>>>> If there was a domain, what was the server ? >>>>> >>>>> Rowland >>>>> >>>>> >>>>> -- >>>>> To unsubscribe from this list go to the following URL and read the >>>>> instructions: https://lists.samba.org/mailman/options/samba >>> >>> >>> Will you please not send posts directly to me, please reply to the list. >>> >>> OK, your answer confirms what I thought, your original profiles haven't >>> gone >>> away, they will still be there, but you cannot see them because they are >>> 'local' profiles and you are now using 'domain' profiles. >>> >>> i.e. local user joe is NOT the same user as DOMAIN\joe >>> >>> >>> Rowland >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba > > > I think you need to understand profiles a bit better, start here: > https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles > > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 11/06/15 14:12, joseph-andre Guaragna wrote:> I look at your article, and it did not change my view about profile. > As we did not use any roaming/mandatory profile, nor we have any > redirection. > > the only roaming we have is dedicated to few users and we use NFS as > they are under linux, and way more simpler to set up. Strangely we do > not have problems with those profiles. Maybe I am in a situation were > : "You can't see the wood for the trees" . > > > Meilleures salutations / Best regards, > > Joseph-Andr? GUARAGNA > ing?nieur Syst?me et R?seau / Network and System engineer > > > > RD MACHINES-OUTILS > > 77, all?e de l'Industrie F-74130 CONTAMINE SUR ARVE > Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79 > www.rdmo.com / www.rdmo-spare-parts.com > > > 2015-06-11 14:40 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: >> On 11/06/15 12:56, joseph-andre Guaragna wrote: >>> OK for the local profiles. I got both of them one call joe and the >>> other domain.joe. >>> Saw it, no problem about that. I copied the data from local to domain one. >>> >>> The thing is that after few days the domain.joe was emptied. The joe >>> did stay the same. >>> >>> And I do not get why the domain.joe got blanked (all data gone) >>> >>> Cheers for the help >>> >>> Meilleures salutations / Best regards, >>> >>> Joseph-Andr? GUARAGNA >>> ing?nieur Syst?me et R?seau / Network and System engineer >>> >>> >>> >>> RD MACHINES-OUTILS >>> >>> 77, all?e de l'Industrie F-74130 CONTAMINE SUR ARVE >>> Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79 >>> www.rdmo.com / www.rdmo-spare-parts.com >>> >>> >>> 2015-06-11 13:04 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: >>>> On 11/06/15 11:28, joseph-andre Guaragna wrote: >>>>> No they used to be in WORKGROUP. >>>>> >>>>> As we have an heterogeneous fleet 25 Linux and 7 windows 7. We decide >>>>> to move a more centralised way of identifying our users. >>>>> >>>>> At first everything work then, we ran in the situation described below. >>>>> >>>>> >>>>> >>>>> >>>>> Meilleures salutations / Best regards, >>>>> >>>>> Joseph-Andr? GUARAGNA >>>>> ing?nieur Syst?me et R?seau / Network and System engineer >>>>> >>>>> >>>>> >>>>> RD MACHINES-OUTILS >>>>> >>>>> 77, all?e de l'Industrie F-74130 CONTAMINE SUR ARVE >>>>> Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79 >>>>> www.rdmo.com / www.rdmo-spare-parts.com >>>>> >>>>> >>>>> 2015-06-11 11:59 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: >>>>>> On 11/06/15 10:13, joseph-andre Guaragna wrote: >>>>>>> 2015-06-11 11:03 GMT+02:00 Rowland Penny >>>>>>> <rowlandpenny at googlemail.com>: >>>>>>>> On 11/06/15 08:09, joseph-andre Guaragna wrote: >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> We have set up an Active Directory using samba4 (Zentyal), >>>>>>>>> everything >>>>>>>>> seems to be all right tilll the point were user profile are wiped >>>>>>>>> out. >>>>>>>> >>>>>>>> What do you mean by 'user profile are wiped out' ? >>>>>>> I mean all user data wiped >>>>>>>> Do you mean just one user is removed ? >>>>>>> all user from the workstation >>>>>>>> Or something else ? >>>>>>>> >>>>>>>> How is the 'wiping' being done ? >>>>>>> the user's folder still exist but there is no data, it is like is >>>>>>> recreated the whole profile >>>>>>>>> We noticed when one of our linux uer tryed to connect to a windows >>>>>>>>> workstation. It was allow so it juste created the user on the >>>>>>>>> windows >>>>>>>>> workstation. Few minutes later we realize that every domain account >>>>>>>>> on >>>>>>>>> the windows box were wiped, and the linux account also wiped. >>>>>>>> >>>>>>>> So the user can login but all other domain accounts on the PC have >>>>>>>> gone, >>>>>>>> Do >>>>>>>> the domain Accounts still exist on the AD DC ? >>>>>>> Yes the users still exists on the domain, and can still connect on any >>>>>>> workstation they are supposed to. >>>>>>>> >>>>>>>>> We could not find any reason for that, nor explanation in the log, I >>>>>>>>> may be missing something as I could not understand all the >>>>>>>>> mechanisms >>>>>>>>> involved. >>>>>>>>> >>>>>>>>> >>>>>>>>> we use samba 4.0. and pbis 8.2 client on the linux boxes. >>>>>>>>> >>>>>>>> Rowland >>>>>>>> >>>>>>>>> Thanks for your help >>>>>>>>> >>>>>>>>> >>>>>>> Joseph GUARAGNA >>>>>> >>>>>> Taking this back on list where it belongs. >>>>>> >>>>>> I think I understand your problem now, but just a few questions to >>>>>> confirm >>>>>> what I am thinking. >>>>>> Were your windows machines part of a domain before ? >>>>>> If so, what type of domain ? >>>>>> If there was a domain, what was the server ? >>>>>> >>>>>> Rowland >>>>>> >>>>>> >>>>>> -- >>>>>> To unsubscribe from this list go to the following URL and read the >>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>> >>>> Will you please not send posts directly to me, please reply to the list. >>>> >>>> OK, your answer confirms what I thought, your original profiles haven't >>>> gone >>>> away, they will still be there, but you cannot see them because they are >>>> 'local' profiles and you are now using 'domain' profiles. >>>> >>>> i.e. local user joe is NOT the same user as DOMAIN\joe >>>> >>>> >>>> Rowland >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >> >> I think you need to understand profiles a bit better, start here: >> https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles >> >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/sambaYou are still thinking 'WORKGROUP', do you realise that your users can now log into *any* of your PCs, even your Unix users ? You need to do a lot more reading, start here: https://msdn.microsoft.com/en-us/library/bb726990.aspx And then try searching the internet with 'Active Directory profiles' Rowland
joseph-andre Guaragna
2015-Jun-11 14:28 UTC
[Samba] user profil wipe in a samba 4 AD domain
Yes that is exactly the point and why we implemented the AD in the first place. But still every person connecting to any workstation gets a home directory created whether it is on Linux or windows. And if I understood well, if no roaming profile in place on each machine the domain.user is created. Thus leading to blank home directory every time your user connect for the first time to a workstation, and data not following him right? But what I do not get, is after the first connection every time the user connect on the same workstation, he should find the data from his previous log in on this workstation. And I mean "on this workstation", if he as since logged in on another he should not see what he had on the other workstation. Am I right on this. Meilleures salutations / Best regards, Joseph-Andr? GUARAGNA ing?nieur Syst?me et R?seau / Network and System engineer RD MACHINES-OUTILS 77, all?e de l'Industrie F-74130 CONTAMINE SUR ARVE Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79 www.rdmo.com / www.rdmo-spare-parts.com 2015-06-11 15:52 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:> On 11/06/15 14:12, joseph-andre Guaragna wrote: >> >> I look at your article, and it did not change my view about profile. >> As we did not use any roaming/mandatory profile, nor we have any >> redirection. >> >> the only roaming we have is dedicated to few users and we use NFS as >> they are under linux, and way more simpler to set up. Strangely we do >> not have problems with those profiles. Maybe I am in a situation were >> : "You can't see the wood for the trees" . >> >> >> Meilleures salutations / Best regards, >> >> Joseph-Andr? GUARAGNA >> ing?nieur Syst?me et R?seau / Network and System engineer >> >> >> >> RD MACHINES-OUTILS >> >> 77, all?e de l'Industrie F-74130 CONTAMINE SUR ARVE >> Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79 >> www.rdmo.com / www.rdmo-spare-parts.com >> >> >> 2015-06-11 14:40 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: >>> >>> On 11/06/15 12:56, joseph-andre Guaragna wrote: >>>> >>>> OK for the local profiles. I got both of them one call joe and the >>>> other domain.joe. >>>> Saw it, no problem about that. I copied the data from local to domain >>>> one. >>>> >>>> The thing is that after few days the domain.joe was emptied. The joe >>>> did stay the same. >>>> >>>> And I do not get why the domain.joe got blanked (all data gone) >>>> >>>> Cheers for the help >>>> >>>> Meilleures salutations / Best regards, >>>> >>>> Joseph-Andr? GUARAGNA >>>> ing?nieur Syst?me et R?seau / Network and System engineer >>>> >>>> >>>> >>>> RD MACHINES-OUTILS >>>> >>>> 77, all?e de l'Industrie F-74130 CONTAMINE SUR ARVE >>>> Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79 >>>> www.rdmo.com / www.rdmo-spare-parts.com >>>> >>>> >>>> 2015-06-11 13:04 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: >>>>> >>>>> On 11/06/15 11:28, joseph-andre Guaragna wrote: >>>>>> >>>>>> No they used to be in WORKGROUP. >>>>>> >>>>>> As we have an heterogeneous fleet 25 Linux and 7 windows 7. We decide >>>>>> to move a more centralised way of identifying our users. >>>>>> >>>>>> At first everything work then, we ran in the situation described >>>>>> below. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Meilleures salutations / Best regards, >>>>>> >>>>>> Joseph-Andr? GUARAGNA >>>>>> ing?nieur Syst?me et R?seau / Network and System engineer >>>>>> >>>>>> >>>>>> >>>>>> RD MACHINES-OUTILS >>>>>> >>>>>> 77, all?e de l'Industrie F-74130 CONTAMINE SUR ARVE >>>>>> Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79 >>>>>> www.rdmo.com / www.rdmo-spare-parts.com >>>>>> >>>>>> >>>>>> 2015-06-11 11:59 GMT+02:00 Rowland Penny >>>>>> <rowlandpenny at googlemail.com>: >>>>>>> >>>>>>> On 11/06/15 10:13, joseph-andre Guaragna wrote: >>>>>>>> >>>>>>>> 2015-06-11 11:03 GMT+02:00 Rowland Penny >>>>>>>> <rowlandpenny at googlemail.com>: >>>>>>>>> >>>>>>>>> On 11/06/15 08:09, joseph-andre Guaragna wrote: >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> We have set up an Active Directory using samba4 (Zentyal), >>>>>>>>>> everything >>>>>>>>>> seems to be all right tilll the point were user profile are wiped >>>>>>>>>> out. >>>>>>>>> >>>>>>>>> >>>>>>>>> What do you mean by 'user profile are wiped out' ? >>>>>>>> >>>>>>>> I mean all user data wiped >>>>>>>>> >>>>>>>>> Do you mean just one user is removed ? >>>>>>>> >>>>>>>> all user from the workstation >>>>>>>>> >>>>>>>>> Or something else ? >>>>>>>>> >>>>>>>>> How is the 'wiping' being done ? >>>>>>>> >>>>>>>> the user's folder still exist but there is no data, it is like is >>>>>>>> recreated the whole profile >>>>>>>>>> >>>>>>>>>> We noticed when one of our linux uer tryed to connect to a windows >>>>>>>>>> workstation. It was allow so it juste created the user on the >>>>>>>>>> windows >>>>>>>>>> workstation. Few minutes later we realize that every domain >>>>>>>>>> account >>>>>>>>>> on >>>>>>>>>> the windows box were wiped, and the linux account also wiped. >>>>>>>>> >>>>>>>>> >>>>>>>>> So the user can login but all other domain accounts on the PC have >>>>>>>>> gone, >>>>>>>>> Do >>>>>>>>> the domain Accounts still exist on the AD DC ? >>>>>>>> >>>>>>>> Yes the users still exists on the domain, and can still connect on >>>>>>>> any >>>>>>>> workstation they are supposed to. >>>>>>>>> >>>>>>>>> >>>>>>>>>> We could not find any reason for that, nor explanation in the log, >>>>>>>>>> I >>>>>>>>>> may be missing something as I could not understand all the >>>>>>>>>> mechanisms >>>>>>>>>> involved. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> we use samba 4.0. and pbis 8.2 client on the linux boxes. >>>>>>>>>> >>>>>>>>> Rowland >>>>>>>>> >>>>>>>>>> Thanks for your help >>>>>>>>>> >>>>>>>>>> >>>>>>>> Joseph GUARAGNA >>>>>>> >>>>>>> >>>>>>> Taking this back on list where it belongs. >>>>>>> >>>>>>> I think I understand your problem now, but just a few questions to >>>>>>> confirm >>>>>>> what I am thinking. >>>>>>> Were your windows machines part of a domain before ? >>>>>>> If so, what type of domain ? >>>>>>> If there was a domain, what was the server ? >>>>>>> >>>>>>> Rowland >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> To unsubscribe from this list go to the following URL and read the >>>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>> >>>>> >>>>> Will you please not send posts directly to me, please reply to the >>>>> list. >>>>> >>>>> OK, your answer confirms what I thought, your original profiles haven't >>>>> gone >>>>> away, they will still be there, but you cannot see them because they >>>>> are >>>>> 'local' profiles and you are now using 'domain' profiles. >>>>> >>>>> i.e. local user joe is NOT the same user as DOMAIN\joe >>>>> >>>>> >>>>> Rowland >>>>> -- >>>>> To unsubscribe from this list go to the following URL and read the >>>>> instructions: https://lists.samba.org/mailman/options/samba >>> >>> >>> I think you need to understand profiles a bit better, start here: >>> https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles >>> >>> >>> Rowland >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba > > > You are still thinking 'WORKGROUP', do you realise that your users can now > log into *any* of your PCs, even your Unix users ? > > You need to do a lot more reading, start here: > https://msdn.microsoft.com/en-us/library/bb726990.aspx > > And then try searching the internet with 'Active Directory profiles' > > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba