joseph-andre Guaragna
2015-Jun-11 14:28 UTC
[Samba] user profil wipe in a samba 4 AD domain
Yes that is exactly the point and why we implemented the AD in the first place.

But still every person connecting to any workstation gets a home directory created whether it is on Linux or windows.

And if I understood well, if no roaming profile in place on each machine the domain.user is created.

Thus leading to blank home directory every time your user connect for the first time to a workstation, and data not following him right?

But what I do not get, is after the first connection every time the user connect on the same workstation, he should find the data from his previous log in on this workstation. And I mean "on this workstation", if he has since logged in on another he should not see what he had on the other workstation.

Am I right on this.

Meilleures salutations / Best regards,

Joseph-André GUARAGNA
ingénieur Système et Réseau / Network and System engineer

RD MACHINES-OUTILS
77, allée de l'Industrie F-74130 CONTAMINE SUR ARVE
Tel : +33 (0) 4 50 03 90 77 - Fax :+33 (0) 4 50 03 66 79
www.rdmo.com / www.rdmo-spare-parts.com

2015-06-11 15:52 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 11/06/15 14:12, joseph-andre Guaragna wrote:
>>
>> I look at your article, and it did not change my view about profile.
>> As we did not use any roaming/mandatory profile, nor we have any
>> redirection.
>>
>> the only roaming we have is dedicated to few users and we use NFS as
>> they are under linux, and way more simpler to set up. Strangely we do
>> not have problems with those profiles. Maybe I am in a situation where:
>> "You can't see the wood for the trees".
>>
>> 2015-06-11 14:40 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>
>>> On 11/06/15 12:56, joseph-andre Guaragna wrote:
>>>>
>>>> OK for the local profiles. I got both of them one call joe and the
>>>> other domain.joe.
>>>> Saw it, no problem about that. I copied the data from local to domain
>>>> one.
>>>>
>>>> The thing is that after few days the domain.joe was emptied. The joe
>>>> did stay the same.
>>>>
>>>> And I do not get why the domain.joe got blanked (all data gone)
>>>>
>>>> Cheers for the help
>>>>
>>>> 2015-06-11 13:04 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>>>
>>>>> On 11/06/15 11:28, joseph-andre Guaragna wrote:
>>>>>>
>>>>>> No they used to be in WORKGROUP.
>>>>>>
>>>>>> As we have an heterogeneous fleet 25 Linux and 7 windows 7. We decide
>>>>>> to move a more centralised way of identifying our users.
>>>>>>
>>>>>> At first everything work then, we ran in the situation described
>>>>>> below.
>>>>>>
>>>>>> 2015-06-11 11:59 GMT+02:00 Rowland Penny
>>>>>> <rowlandpenny at googlemail.com>:
>>>>>>>
>>>>>>> On 11/06/15 10:13, joseph-andre Guaragna wrote:
>>>>>>>>
>>>>>>>> 2015-06-11 11:03 GMT+02:00 Rowland Penny
>>>>>>>> <rowlandpenny at googlemail.com>:
>>>>>>>>>
>>>>>>>>> On 11/06/15 08:09, joseph-andre Guaragna wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> We have set up an Active Directory using samba4 (Zentyal),
>>>>>>>>>> everything seems to be all right till the point where user
>>>>>>>>>> profile are wiped out.
>>>>>>>>>
>>>>>>>>> What do you mean by 'user profile are wiped out' ?
>>>>>>>>
>>>>>>>> I mean all user data wiped
>>>>>>>>>
>>>>>>>>> Do you mean just one user is removed ?
>>>>>>>>
>>>>>>>> all user from the workstation
>>>>>>>>>
>>>>>>>>> Or something else ?
>>>>>>>>>
>>>>>>>>> How is the 'wiping' being done ?
>>>>>>>>
>>>>>>>> the user's folder still exist but there is no data, it is like is
>>>>>>>> recreated the whole profile
>>>>>>>>>>
>>>>>>>>>> We noticed when one of our linux user tried to connect to a
>>>>>>>>>> windows workstation. It was allow so it just created the user on
>>>>>>>>>> the windows workstation. Few minutes later we realize that every
>>>>>>>>>> domain account on the windows box were wiped, and the linux
>>>>>>>>>> account also wiped.
>>>>>>>>>
>>>>>>>>> So the user can login but all other domain accounts on the PC have
>>>>>>>>> gone, Do the domain Accounts still exist on the AD DC ?
>>>>>>>>
>>>>>>>> Yes the users still exists on the domain, and can still connect on
>>>>>>>> any workstation they are supposed to.
>>>>>>>>>
>>>>>>>>>> We could not find any reason for that, nor explanation in the log,
>>>>>>>>>> I may be missing something as I could not understand all the
>>>>>>>>>> mechanisms involved.
>>>>>>>>>>
>>>>>>>>>> we use samba 4.0. and pbis 8.2 client on the linux boxes.
>>>>>>>>>>
>>>>>>>>> Rowland
>>>>>>>>>
>>>>>>>>>> Thanks for your help
>>>>>>>>>>
>>>>>>>> Joseph GUARAGNA
>>>>>>>
>>>>>>> Taking this back on list where it belongs.
>>>>>>>
>>>>>>> I think I understand your problem now, but just a few questions to
>>>>>>> confirm what I am thinking.
>>>>>>> Were your windows machines part of a domain before ?
>>>>>>> If so, what type of domain ?
>>>>>>> If there was a domain, what was the server ?
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>> --
>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>
>>>>> Will you please not send posts directly to me, please reply to the
>>>>> list.
>>>>>
>>>>> OK, your answer confirms what I thought, your original profiles haven't
>>>>> gone away, they will still be there, but you cannot see them because
>>>>> they are 'local' profiles and you are now using 'domain' profiles.
>>>>>
>>>>> i.e. local user joe is NOT the same user as DOMAIN\joe
>>>>>
>>>>> Rowland
>>>
>>> I think you need to understand profiles a bit better, start here:
>>> https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
>>>
>>> Rowland
>
> You are still thinking 'WORKGROUP', do you realise that your users can now
> log into *any* of your PCs, even your Unix users ?
>
> You need to do a lot more reading, start here:
> https://msdn.microsoft.com/en-us/library/bb726990.aspx
>
> And then try searching the internet with 'Active Directory profiles'
>
> Rowland
On 11/06/15 15:28, joseph-andre Guaragna wrote:
> Yes that is exactly the point and why we implemented the AD in the first place.
>
> But still every person connecting to any workstation gets a home
> directory created whether it is on Linux or windows.
>
> And if I understood well, if no roaming profile in place on each
> machine the domain.user is created.
>
> Thus leading to blank home directory every time your user connect for
> the first time to a workstation, and data not following him right?
>
> But what I do not get, is after the first connection every time the
> user connect on the same workstation, he should find the data from his
> previous log in on this workstation. And I mean "on this workstation",
> if he has since logged in on another he should not see what he had on
> the other workstation.
>
> Am I right on this.
>

Yes, your users should be able to log into the same machine and find their previous data, if this isn't happening, then I am fairly sure that this is a windows problem not a samba problem.

It might be a samba problem if you have altered the smb.conf on the samba AD DC, if this is the case, can you post your smb.conf. How are you creating the users? on ADUC ? with samba-tool, or some other way.

I wonder if pbis is somehow involved, why are you using this, it isn't really required.

Rowland
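
Added example, not part of any message in this thread: a PowerShell check to run on the affected Windows 7 workstation that lists each profile folder with the account that owns it, so the local joe and the domain joe show up as separate accounts with separate folders, and a recreated folder is visible from its creation time. It uses only the standard Win32_UserProfile WMI class; the output column names are chosen here.

```powershell
# Added example (not from the thread). Runs on PowerShell 2.0, the Windows 7 default.
# Lists every user profile on this workstation with its owning account.
$machine = $env:COMPUTERNAME

Get-WmiObject -Class Win32_UserProfile |
    Where-Object { -not $_.Special } |        # skip SYSTEM / service profiles
    ForEach-Object {
        $p = $_                               # keep the profile; $_ changes inside catch

        # A profile is keyed by SID, not by user name.
        $sid = New-Object System.Security.Principal.SecurityIdentifier($p.SID)
        try {
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $null                  # account deleted or no DC reachable
        }

        # "MACHINE\joe" is a local account, "DOMAIN\joe" is a domain account.
        if (-not $account)                   { $scope = 'unresolved' }
        elseif ($account -like "$machine\*") { $scope = 'local' }
        else                                 { $scope = 'domain' }

        # Folder creation time shows whether the profile folder was recreated.
        $created = $null
        if ($p.LocalPath -and (Test-Path -LiteralPath $p.LocalPath)) {
            $created = (Get-Item -LiteralPath $p.LocalPath -Force).CreationTime
        }

        New-Object PSObject -Property @{
            Account = $account
            Scope   = $scope
            Folder  = $p.LocalPath
            Created = $created
            Loaded  = $p.Loaded
            Sid     = $p.SID
        }
    } |
    Select-Object Account, Scope, Folder, Created, Loaded, Sid |
    Sort-Object Folder |
    Format-Table -AutoSize
```

Run it from an administrator session so that every profile folder is readable.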
joseph-andre Guaragna
2015-Jun-12 06:22 UTC
[Samba] user profil wipe in a samba 4 AD domain
Sorry for the delayed answer, I received your answer while I was gone.

My users are created using the RSAT tool directly from a Windows box.

We use pbis cause in case my company want to go for a pay version of the AD client. The main reason is that the sys admin job is only temporary, thus if any problem occur after they could go for a pay version and get help.

As for your request for the samba.conf:

    [global]
    workgroup = intra
    realm = <our domain >
    netbios name = <Serveur Name>
    server string = Zentyal Server
    server role = dc
    server role check:inhibit = yes
    server services = -dns
    server signing = auto
    dsdb:schema update allowed = yes
    drs:max object sync = 1200
    idmap_ldb:use rfc2307 = yes
    interfaces = lo,eth0
    bind interfaces only = yes
    log level = 3
    log file = /var/log/samba/samba.log
    max log size = 100000
    include = /etc/samba/shares.conf

    [netlogon]
    path = /var/lib/samba/sysvol/<our domain >/scripts
    browseable = no
    read only = yes

    [sysvol]
    path = /var/lib/samba/sysvol
    read only = no

Meilleures salutations / Best regards,

Joseph-André GUARAGNA

2015-06-11 17:09 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 11/06/15 15:28, joseph-andre Guaragna wrote:
>>
>> Yes that is exactly the point and why we implemented the AD in the first
>> place.
>>
>> But still every person connecting to any workstation gets a home
>> directory created whether it is on Linux or windows.
>>
>> And if I understood well, if no roaming profile in place on each
>> machine the domain.user is created.
>>
>> Thus leading to blank home directory every time your user connect for
>> the first time to a workstation, and data not following him right?
>>
>> But what I do not get, is after the first connection every time the
>> user connect on the same workstation, he should find the data from his
>> previous log in on this workstation. And I mean "on this workstation",
>> if he has since logged in on another he should not see what he had on
>> the other workstation.
>>
>> Am I right on this.
>>
>
> Yes, your users should be able to log into the same machine and find their
> previous data, if this isn't happening, then I am fairly sure that this is a
> windows problem not a samba problem.
>
> It might be a samba problem if you have altered the smb.conf on the samba AD
> DC, if this is the case, can you post your smb.conf. How are you creating
> the users? on ADUC ? with samba-tool, or some other way.
>
> I wonder if pbis is somehow involved, why are you using this, it isn't
> really required.
>
> Rowland