samba - Jul 2015 - Samba4 roaming profiles & ownership of profile.V2 folders [RESOLVED]

Could you try giving domain users rwx control of profile folder this way:

setfacl -m g:users:rwx
On Jul 4, 2015 1:53 PM, "Gary Dale" <garydale at torfree.net>
wrote:
> On 04/07/15 04:22 AM, Rowland Penny wrote:
>
>> On 04/07/15 00:58, Gary Dale wrote:
>>
>>> On 03/07/15 01:21 PM, Rowland Penny wrote:
>>>
>>>> On 03/07/15 17:45, Gary Dale wrote:
>>>>
>>>>> On 03/07/15 02:44 AM, Gary Dale wrote:
>>>>>
>>>>>> I've got roaming profiles for one account on a
Debian/Jessie AD DC
>>>>>> server but I can't get them to work for the other
accounts. The differences
>>>>>> are that the one account is also a Linux account in the
AD DC and is in the
>>>>>> Domain Admins group. The other accounts were created
with ADUC on a Windows
>>>>>> 7 machine logged in as the Domain Admins user just
mentioned. They are
>>>>>> Domain Users but not Admins and have no corresponding
Linux account.
>>>>>>
>>>>>> I got that one account to work by taking ownership of
its profile
>>>>>> directory. However Windows 7 currently only offers me
two choices for
>>>>>> accounts that can take ownership of a profile directory
(Domain Admins and
>>>>>> that one account are both listed. Other accounts are
not in the
>>>>>> creator/owner tab).
>>>>>>
>>>>>> I've given Domain User full control of the profile
folders but that
>>>>>> doesn't seem to be good enough to get the profiles
to be loaded and saved
>>>>>> (the Linux permissions are 777).
>>>>>>
>>>>>> And yes, Ive set profile for each user using the
Windows MMC plugin.
>>>>>>
>>>>>> Any ideas on what I'm missing?
>>>>>>
>>>>>
>>>>> Further to above, I added one of the user accounts to the
Domain
>>>>> Admins but still couldn't get a roaming profile to work
for it.
>>>>>
>>>>
>>>> Hi, have a look here:
>>>> https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
>>>>
>>>> Rowland
>>>>
>>>
>>> Thanks. I'd been trying that without success. The section on
using ACLs
>>> doesn't work in my case for some reason.
>>>
>>>
>> The 'reason' is probably why profiles don't work.
>>
>> Are you doing this on a DC or a member server ? on a DC I get this:
>>
>> root at dc01:~# getent group "domain admins"
>> EXAMPLE\Domain Admins:*:10002:
>>
>> and on a member server:
>>
>> rowland at ThinkPad ~ $ getent group "domain admins"
>> domain_admins:x:10002:s4admin,rowland,administrator
>>
>> I have RFC2307 attributes in AD and winbind set up on both.
>>
>
> I get nothing when I run the command on the AD DC. There are currently no
> member servers.
>
> I followed the instructions at
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO and did include the
> --use-rfc2307. The only change I made was it doesn't actually mention
> installing kerberos but I found it necessary when I got to the configure
> kerberos section.
>
> According to the wiki, I don't have to do any winbind config, although
> they don't recommend using a DC as a file server due to some problems
with
> winbind. Unfortunately I only have the one server in this location.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 04/07/15 01:59 PM, Mike wrote:
>
> Could you try giving domain users rwx control of profile folder this way:
>
> setfacl -m g:users:rwx
>
They already have full rwx privileges. I'm not sure if that worked or 
not, or if it was something else I've done since last night but 
currently the profiles seem to being saved even without the share being 
connected.

On Sat, Jul 4, 2015 at 6:36 PM, Gary Dale <garydale at torfree.net> wrote:

They already have full rwx privileges. I'm not sure if that worked or
not,
> or if it was something else I've done since last night but currently
the
> profiles seem to being saved even without the share being connected.
>
 getfacl: Removing leading '/' from absolute path names
# file: mnt/profiles/users
# owner: root
# group: root
user::rwx
group::r-x
group:users:rwx
mask::rwx
other::r-x

Does your getfacl look similar?