Thomas DEBESSE
2016-Jun-27 21:42 UTC
[Samba] How to debug not working Roaming profiles on Samba 4 AD setup?
Hi, thank you for your answer.

> Are the 'File servers' joined to the domain ?

Yes

> Are the smb.conf files you posted complete

No, they are abstracted ones, because they are very long

> if not, can you post the complete ones, exactly as they are on the
> computers (you can sanitize them if you need to)

Yes

> Try taking a look here:
> https://wiki.samba.org/index.php/Implementing_roaming_profiles

I've read that page but it did not help me… :(

So, following are the complete files, if you're OK with that, I just applied on it a sed substitution to hide some sensitive names (and using the nomenclature defined above since the server's pet names will mean nothing for you), and removed some data shares that work very well and are unrelated at all (by the way, I kept the unrelated "partage" share as an example, even if it's unrelated to my current problem).

So, the "PDCSERV" config was the now-disabled All-In-One Samba3 PDC server. The "ADSERV" is the current AD DC Samba4 server, and the "FILESERV" is the current file sharing server (hosting homes and profiles). I have also some other file servers but they are totally unrelated to the current described problems since they just serve optional files for some people (like the "partage" share described below). I also give you my logon.cmd so you see how the machinery works.

As you can see, previous home paths were /home/users/%u and previous profile paths were /home/users/%u/.profile.v2 and home paths are now /home/users/%u/userdisk, and profile paths are now /home/users/%u/profile.v2. I just put the profile outside the home disk, which is recommended.

---------------------------------------------------------------------------

PDCSERV:

    [global]
    workgroup = DOMAIN
    netbios name = PDCSERV
    server string = "Server"

    wins support = yes
    dns proxy = no
    unix extensions = no

    log file = /var/log/samba/log.%m
    log level = 4
    debug level = 4
    max log size = 5000
    syslog = 0

    panic action = /usr/share/samba/panic-action %d
    encrypt passwords = true

    passdb backend = smbpasswd:/etc/samba/smbpasswd
    obey pam restrictions = yes
    unix password sync = yes

    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes

    domain logons = yes
    logon path = \\%N\profile
    logon drive = U:
    logon home = \\%N\%U
    logon script = logon.cmd
    domain master = auto

    [homes]
    comment = Dossier Personnel de %U
    path = /home/users/%U/.windows
    browseable = no
    wide links = Yes
    follow symlinks = Yes
    writable = yes
    read only = no
    create mask = 2770
    directory mask = 2770
    public = no
    hide files = /Desktop.ini/desktop.ini/outlook*.lnk/*Briefcase*/*~/$RECYCLE.BIN/
    veto files = /.profile/.profile.v2/*.desktop/

    [netlogon]
    path = /etc/samba/netlogon
    guest ok = no
    writeable = yes
    browseable = no
    write list = ntadmin

    [profile]
    path = /home/users/%U/.profile
    browsable = no
    writeable = yes
    create mask = 0600
    directory mask = 0700
    profile acls = yes
    csc policy = disable
    hide files = /Desktop.ini/desktop.ini/outlook*.lnk/*Briefcase*/*.desktop/

    [profile.v2]
    path = /home/users/%U/.profile.v2
    browseable = no
    writeable = yes
    create mask = 0600
    directory mask = 0700
    profile acls = yes
    csc policy = disable
    hide files = /Desktop.ini/desktop.ini/outlook*.lnk/*Briefcase*/*.desktop/

    [partage]
    path = /home/partage
    comment = "Partage Commun a tous"
    browsable = yes
    read only = no
    create mask = 777
    directory mask = 777

    [printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    guest ok = no
    read only = yes
    create mask = 0700

    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no

---------------------------------------------------------------------------

ADSERV:/etc/samba/smb.conf

    [global]
    workgroup = DOMAIN
    realm = DOMAIN.REALM
    netbios name = ADSERV
    server role = active directory domain controller

    domain logons = Yes
    domain master = Yes

    wins support = Yes
    dns proxy = No

    idmap_ldb:use rfc2307 = Yes

    syslog = 1
    log level = 4

    panic action = /usr/share/samba/panic-action %d

    printing = bsd
    printcap name = /dev/null
    load printers = No
    disable spoolss = Yes

    logon path = \\FILESERV\profile
    logon drive = U:
    logon home = \\FILESERV\%U
    logon script = "logon.cmd"

    [netlogon]
    comment = "Service d’identification réseau"
    path = /var/lib/samba/sysvol/savane.saba/scripts
    guest ok = No
    writeable = Yes
    read only = No
    browseable = No
    write list = ntadmin

    [sysvol]
    path = /var/lib/samba/sysvol
    read only = No
    browseable = No

---------------------------------------------------------------------------

FILESERV:/etc/samba/smb.conf

    [global]
    workgroup = DOMAIN
    realm = DOMAIN.REALM
    netbios name = FILESERV
    security = ADS

    dfree command = /usr/local/bin/smb-dfree.sh

    log file = /var/log/samba/log.%m
    log level = 4
    max log size = 1000
    syslog = 2

    panic action = /usr/share/samba/panic-action %d

    server role = member server

    local master = No
    domain master = No
    preferred master = No

    encrypt passwords = Yes
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab

    winbind refresh tickets = Yes
    winbind trusted domains only = No
    winbind use default domain = Yes
    winbind enum users = Yes
    winbind enum groups = Yes

    idmap config *:backend = tdb
    idmap config *:range = 2000-9999

    idmap config DOMAIN:backend = rid
    idmap config DOMAIN:schema_mode = rfc2307
    idmap config DOMAIN:range = 10000-30000

    winbind nss info = template
    template shell = /bin/false
    template homedir = /home/users/%U

    usershare allow guests = Yes

    printing = bsd
    printcap name = /dev/null
    load printers = No
    disable spoolss = Yes

    unix extensions = No
    hide special files = Yes
    hide unreadable = Yes
    hide dot files = Yes
    hide files = /Bureau/AppData/Desktop.ini/desktop.ini/outlook*.lnk/*Briefcase*/*~/~$*/$RECYCLE.BIN/Thumbs.db/.DS_Store/*.desktop/
    veto files = /.fuse_*/lost+found/aquota.group/aquota.user/

    [homes]
    comment = "Dossier personnel de %u"
    path = "/home/users/%U/userdisk"
    browseable = No
    read only = No
    writeable = Yes
    browseable = No
    public = No
    wide links = Yes
    follow symlinks = Yes
    create mask = 2770
    directory mask = 2770
    force group = "users-%U"
    valid users = %S

    [partage]
    comment = "Partage commun à tous"
    path = /home/partage
    browsable = Yes
    read only = No
    create mask = 2770
    directory mask = 2770

    [profile]
    comment = "Profil NT5 (Windows XP)"
    path = /home/users/%U/profile
    browsable = No
    writeable = Yes
    create mask = 0600
    directory mask = 0700
    force group = "users-%U"
    profile acls = Yes
    csc policy = disable

    [profile.v2]
    comment = "Profil NT6 (Windows 7 etc.)"
    path = /home/users/%U/profile.v2
    browseable = No
    writeable = Yes
    create mask = 0600
    directory mask = 0700
    force group = "users-%U"
    profile acls = Yes
    csc policy = disable

---------------------------------------------------------------------------

ADSERV:/var/lib/samba/sysvol/savane.saba/scripts/logon.cmd

    NET USE U: \\FILESERV\homes
    NET USE P: \\FILESERV\partage

    REGEDIT /S \\ADSERV\netlogon\common.reg

--
Thomas DEBESSE
Rowland penny
2016-Jun-28 06:59 UTC
OK, I think your problem is that you are trying to run your AD domain as if it is still an NT4-style domain.

I suggest you re-read the page I pointed you to and also other pages in the Samba wiki.

You do not use:

    logon path = \\FILESERV\profile
    logon drive = U:
    logon home = \\FILESERV\%U
    logon script = "logon.cmd"

with AD, you would add:

    profilePath: \\FILESERV\profile
    scriptPath: logon.cmd
    homeDrive: U:
    homeDirectory: \\FILESERV\%U

to each user's object in AD. You can do this with ADUC or by creating an ldif file on the DC and then use ldbmodify to add it.

I would also look carefully at your smb.conf files, referencing 'man smb.conf'; for instance, did you know that 'writeable = Yes' is the same as 'read only = No'? There is no point in having both.

I would suggest you follow the Samba wiki and use ACLs instead of the old-style 'create mask' etc.

Rowland
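The LDIF route described in the message above, as an added example that is not part of the original thread or of Samba's own tooling: a POSIX shell function that writes one "modify" record per user for the four attributes, ready to be reviewed and passed to ldbmodify on the DC. Assumptions: the helper names, the sample DNs and the sam.ldb path are constructed placeholders, and the account name is written out literally in homeDirectory because AD stores the value as a plain string and does not expand smb.conf variables such as %U.

```shell
#!/bin/sh
# Added example (not from the thread): write LDIF "modify" records that set
# the four per-user logon attributes named in the message above.

FILESERVER='FILESERV'   # file server name as used in the thread
NL='
'

# gen_user_ldif ACCOUNT DN   (hypothetical helper)
# Prints one LDIF record on stdout; returns 1 on unsafe input.
gen_user_ldif() {
    account=$1
    dn=$2
    # The account name ends up inside a UNC path: allow only plain name
    # characters, so nothing like "%U", "\" or a newline can slip in.
    case $account in
        ''|*[!A-Za-z0-9._-]*)
            printf 'refusing account name: %s\n' "$account" >&2
            return 1 ;;
    esac
    # A newline in the DN would let extra LDIF lines be injected.
    case $dn in
        ''|*"$NL"*)
            printf 'refusing DN for account: %s\n' "$account" >&2
            return 1 ;;
    esac
    # "replace" works whether or not the attribute is already set.
    # Unquoted heredoc: "\\" yields one backslash, so the values come out
    # as \\FILESERV\profile and \\FILESERV\<account>.
    cat <<EOF
dn: ${dn}
changetype: modify
replace: profilePath
profilePath: \\\\${FILESERVER}\\profile
-
replace: scriptPath
scriptPath: logon.cmd
-
replace: homeDrive
homeDrive: U:
-
replace: homeDirectory
homeDirectory: \\\\${FILESERVER}\\${account}
-

EOF
}

# Constructed sample input: "account|DN" pairs. On a real DC the DN would
# come from a lookup such as:
#   ldbsearch -H /var/lib/samba/private/sam.ldb '(sAMAccountName=alice)' dn
# (the sam.ldb path is an assumption; it depends on how Samba was installed).
SAMPLE_USERS='alice|CN=alice,CN=Users,DC=domain,DC=realm
bob|CN=Bob Martin,CN=Users,DC=domain,DC=realm'

# Emit records for every sample user; stop at the first rejected entry.
gen_all_ldif() {
    while IFS='|' read -r account dn; do
        gen_user_ldif "$account" "$dn" || return 1
    done <<EOF
$SAMPLE_USERS
EOF
}

# Review the output, then apply it on the DC with:
#   gen_all_ldif > logon-attrs.ldif
#   ldbmodify -H /var/lib/samba/private/sam.ldb logon-attrs.ldif
gen_all_ldif
```

The DN is passed in separately because a user's CN is not always the same as the account name (the second sample entry shows that case).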
Thomas DEBESSE
2016-Jun-28 11:23 UTC
> OK, I think your problem is that you are trying to run your AD domain as
> if it is still an NT4-style domain.

This does not sound like a surprise to me. ;-)

> with AD, you would add […] to each users object in AD. You can do this
> with ADUC or by creating an ldif file on the DC and then use ldbmodify to add it.

Oh, yes, you're right, I had to do the same for the logon.cmd, I already have a pdbedit call for logon.cmd stuff in my user creation script I wrote myself. I did that for the logon.cmd stuff, for each user:

    pdbedit --script="logon.cmd" "${user_name}"

I suppose I can use the --profile=, --drive= and --homedir= options from pdbedit to do the same things you recommend without having to deal with an ldif file. Too bad these values can't be forced by a template on the AD DC. I will try these options tonight when everyone is logged out.

> did you know that ' writeable = Yes' is the same as 'read only = No' ?
> There is no point in having both.

Yes, these smb.conf are more than 15 years old, modifying them continuously when I update something through the ages, so I will not be surprised if some stuff is superfluous or some crap is remaining.

> I would suggest you follow the Samba wiki and use ACLs instead of the old
> style 'create mask' etc

I will look at it with interest, currently I don't need more and that part, even old, works very well. :-)

--
Thomas DEBESSE