joseph-andre Guaragna
2015-Jun-12 06:22 UTC
[Samba] user profil wipe in a samba 4 AD domain
Sorry for the delayed answer, I received your answer while I was gone.

My users are created using the RSAT tool directly from a Windows box. We
use pbis in case my company wants to go for a pay version of the
AD client. The main reason is that the sys admin job is only
temporary, thus if any problems occur afterwards they could go for a pay
version and get help.

As for your request for the samba.conf:

[global]
workgroup = intra
realm = <our domain >
netbios name = <Serveur Name>
server string = Zentyal Server
server role = dc
server role check:inhibit = yes
server services = -dns
server signing = auto
dsdb:schema update allowed = yes
drs:max object sync = 1200

idmap_ldb:use rfc2307 = yes

interfaces = lo,eth0
bind interfaces only = yes

log level = 3
log file = /var/log/samba/samba.log
max log size = 100000

include = /etc/samba/shares.conf

[netlogon]
path = /var/lib/samba/sysvol/<our domain >/scripts
browseable = no
read only = yes

[sysvol]
path = /var/lib/samba/sysvol
read only = no

Meilleures salutations / Best regards,

Joseph-André GUARAGNA

2015-06-11 17:09 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 11/06/15 15:28, joseph-andre Guaragna wrote:
>>
>> Yes that is exactly the point and why we implemented the AD in the first
>> place.
>>
>> But still every person connecting to any workstation gets a home
>> directory created whether it is on Linux or Windows.
>>
>> And if I understood well, if no roaming profile in place on each
>> machine the domain.user is created.
>>
>> Thus leading to blank home directory every time your user connect for
>> the first time to a workstation, and data not following him right?
>>
>> But what I do not get, is after the first connection every time the
>> user connect on the same workstation, he should find the data from his
>> previous log in on this workstation. And I mean "on this workstation",
>> if he has since logged in on another he should not see what he had on
>> the other workstation.
>>
>> Am I right on this?
>>
>
> Yes, your users should be able to log into the same machine and find their
> previous data, if this isn't happening, then I am fairly sure that this is a
> Windows problem not a Samba problem.
>
> It might be a Samba problem if you have altered the smb.conf on the Samba AD
> DC, if this is the case, can you post your smb.conf. How are you creating
> the users? On ADUC? With samba-tool, or some other way?
>
> I wonder if pbis is somehow involved, why are you using this, it isn't
> really required.
>
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
On 12/06/15 07:22, joseph-andre Guaragna wrote:
> Sorry for the delayed answer, I received your answer while I was gone.
>
> My users are created using the RSAT tool directly from a Windows box. We
> use pbis in case my company wants to go for a pay version of the
> AD client. The main reason is that the sys admin job is only
> temporary, thus if any problems occur afterwards they could go for a pay
> version and get help.

Oh yes, one of those operations, they can pay for Samba help you know and
pbis is just another layer on top of Samba that could cause problems, I
personally prefer the KISS way of doing things i.e. if it is not really
needed, don't do it.

>
> As for your request for the samba.conf:
>
> [global]
> workgroup = intra
> realm = <our domain >
> netbios name = <Serveur Name>
> server string = Zentyal Server
> server role = dc

The 'server role' line should be 'server role = active directory domain
controller', not sure if it makes any difference, but it might.

> server role check:inhibit = yes
> server services = -dns
> server signing = auto
> dsdb:schema update allowed = yes
> drs:max object sync = 1200
>
> idmap_ldb:use rfc2307 = yes
>
> interfaces = lo,eth0
> bind interfaces only = yes
>
> log level = 3
> log file = /var/log/samba/samba.log
> max log size = 100000
>
> include = /etc/samba/shares.conf
>
> [netlogon]
> path = /var/lib/samba/sysvol/<our domain >/scripts
> browseable = no
> read only = yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = no
>
> Meilleures salutations / Best regards,
>
> Joseph-André GUARAGNA
>
>
> 2015-06-11 17:09 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>> On 11/06/15 15:28, joseph-andre Guaragna wrote:
>>> Yes that is exactly the point and why we implemented the AD in the first
>>> place.
>>>
>>> But still every person connecting to any workstation gets a home
>>> directory created whether it is on Linux or Windows.
>>>
>>> And if I understood well, if no roaming profile in place on each
>>> machine the domain.user is created.
>>>
>>> Thus leading to blank home directory every time your user connect for
>>> the first time to a workstation, and data not following him right?
>>>
>>> But what I do not get, is after the first connection every time the
>>> user connect on the same workstation, he should find the data from his
>>> previous log in on this workstation. And I mean "on this workstation",
>>> if he has since logged in on another he should not see what he had on
>>> the other workstation.
>>>
>>> Am I right on this?
>>>
>> Yes, your users should be able to log into the same machine and find their
>> previous data, if this isn't happening, then I am fairly sure that this is a
>> Windows problem not a Samba problem.
>>
>> It might be a Samba problem if you have altered the smb.conf on the Samba AD
>> DC, if this is the case, can you post your smb.conf. How are you creating
>> the users? On ADUC? With samba-tool, or some other way?
>>
>> I wonder if pbis is somehow involved, why are you using this, it isn't
>> really required.
>>
>>
>> Rowland
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba

To be honest, I am not sure what is going on here, I normally set the users'
profiles to a specific place and don't have problems. Perhaps somebody who
does what you are trying to do can jump in here and point out where you are
going wrong (if anywhere).

Rowland
joseph-andre Guaragna
2015-Jun-12 09:28 UTC
[Samba] user profil wipe in a samba 4 AD domain
Anyway, thanks for the help. Really appreciate the efforts you put in,
I'll try to reproduce the trouble and investigate around it.

I'll let you know if I find anything.

Meilleures salutations / Best regards,

Joseph-André GUARAGNA
ingénieur Système et Réseau / Network and System engineer

RD MACHINES-OUTILS
77, allée de l'Industrie
F-74130 CONTAMINE SUR ARVE
Tel : +33 (0) 4 50 03 90 77 - Fax : +33 (0) 4 50 03 66 79
www.rdmo.com / www.rdmo-spare-parts.com

2015-06-12 11:23 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 12/06/15 07:22, joseph-andre Guaragna wrote:
>>
>> Sorry for the delayed answer, I received your answer while I was gone.
>>
>> My users are created using the RSAT tool directly from a Windows box. We
>> use pbis in case my company wants to go for a pay version of the
>> AD client. The main reason is that the sys admin job is only
>> temporary, thus if any problems occur afterwards they could go for a pay
>> version and get help.
>
>
> Oh yes, one of those operations, they can pay for Samba help you know and
> pbis is just another layer on top of Samba that could cause problems, I
> personally prefer the KISS way of doing things i.e. if it is not really
> needed, don't do it.
>
>>
>>
>> As for your request for the samba.conf:
>>
>> [global]
>> workgroup = intra
>> realm = <our domain >
>> netbios name = <Serveur Name>
>> server string = Zentyal Server
>> server role = dc
>
>
> The 'server role' line should be 'server role = active directory domain
> controller', not sure if it makes any difference, but it might.
>
>
>> server role check:inhibit = yes
>> server services = -dns
>> server signing = auto
>> dsdb:schema update allowed = yes
>> drs:max object sync = 1200
>>
>> idmap_ldb:use rfc2307 = yes
>>
>> interfaces = lo,eth0
>> bind interfaces only = yes
>>
>> log level = 3
>> log file = /var/log/samba/samba.log
>> max log size = 100000
>>
>> include = /etc/samba/shares.conf
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/<our domain >/scripts
>> browseable = no
>> read only = yes
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = no
>>
>> Meilleures salutations / Best regards,
>>
>> Joseph-André GUARAGNA
>>
>>
>> 2015-06-11 17:09 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>
>>> On 11/06/15 15:28, joseph-andre Guaragna wrote:
>>>>
>>>> Yes that is exactly the point and why we implemented the AD in the first
>>>> place.
>>>>
>>>> But still every person connecting to any workstation gets a home
>>>> directory created whether it is on Linux or Windows.
>>>>
>>>> And if I understood well, if no roaming profile in place on each
>>>> machine the domain.user is created.
>>>>
>>>> Thus leading to blank home directory every time your user connect for
>>>> the first time to a workstation, and data not following him right?
>>>>
>>>> But what I do not get, is after the first connection every time the
>>>> user connect on the same workstation, he should find the data from his
>>>> previous log in on this workstation. And I mean "on this workstation",
>>>> if he has since logged in on another he should not see what he had on
>>>> the other workstation.
>>>>
>>>> Am I right on this?
>>>>
>>> Yes, your users should be able to log into the same machine and find
>>> their previous data, if this isn't happening, then I am fairly sure
>>> that this is a Windows problem not a Samba problem.
>>>
>>> It might be a Samba problem if you have altered the smb.conf on the
>>> Samba AD DC, if this is the case, can you post your smb.conf. How are
>>> you creating the users? On ADUC? With samba-tool, or some other way?
>>>
>>> I wonder if pbis is somehow involved, why are you using this, it isn't
>>> really required.
>>>
>>>
>>> Rowland
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>
>
> To be honest, I am not sure what is going on here, I normally set the users'
> profiles to a specific place and don't have problems. Perhaps somebody who
> does what you are trying to do can jump in here and point out where you are
> going wrong (if anywhere).
>
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba