samba - May 2018 - Roaming profils cannot sync four files

thank you, but it was only a copy/paste mistake. My config looks like this:
[global]
        security = ADS
        workgroup = EXAMPLE
        realm = EXAMPLE.LOCAL

        log file = /var/log/samba/%m.log
        log level = 1

        # Default ID mapping configuration for local BUILTIN accounts
        # and groups on a domain member. The default (*) domain:
        # - must not overlap with any domain ID mapping configuration!
        # - must use a read-write-enabled back end, such as tdb.
        # - Adding just this is not enough
        # - You must set a DOMAIN backend configuration, see below
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config EXAMPLE : backend = rid
        idmap config EXAMPLE : range = 1000000 - 1999999
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
        winbind refresh tickets = yes
        template shell = /bin/bash

        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes

        acl allow execute always = yes

[profiles]
        path = /home/EXAMPLE/profiles/
        read only = no

But it doesn't work with this configuration.

Or does I need these lines also? I don't need a login of the domainusers.

# Template settings for login shell and home directory
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U



2018-05-14 23:28 GMT+02:00 Rowland Penny via samba <samba at
lists.samba.org>:
> On Mon, 14 May 2018 22:49:02 +0200
> Michael Funke via samba <samba at lists.samba.org> wrote:
>
> > Okay, I testet it and it doesn't help. Attached is also my
smb.conf.
> > May it is here.
> >
> > [global]
> >         # Default ID mapping configuration for local BUILTIN accounts
> >         # and groups on a domain member. The default (*) domain:
> >         # - must not overlap with any domain ID mapping configuration!
> >         # - must use a read-write-enabled back end, such as tdb.
> >         # - Adding just this is not enough
> >         # - You must set a DOMAIN backend configuration, see below
> >         idmap config * : backend = tdb
> >         idmap config * : range = 3000-7999
> >         idmap config EXAMPLE : range = 1000000 - 1999999
>
> >
> >
> > Any ideas?
> >
>
> Yes, did you not understand this:
>
>          # - Adding just this is not enough
>          # - You must set a DOMAIN backend configuration, see below
>
> Well, yes, you must have because you added this:
>
>          idmap config EXAMPLE : range = 1000000 - 1999999
>
> Pity it wasn't enough, can I suggest you read this again:
>
> https://wiki.samba.org/index.php/Idmap_config_ad
>
> And this:
>
> https://wiki.samba.org/index.php/Idmap_config_rid
>
> and decide which you want to use and then add the missing line(s)
>
> If you do not understand those pages, can you please try to explain what
> you do not understand. Without feedback we think they are correct, if
> nobody says 'I do not understand something', we will go on thinking
> they are correct ;-)
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Tue, 15 May 2018 10:53:26 +0200
Michael Funke <maniac.macpain at gmail.com> wrote:
> thank you, but it was only a copy/paste mistake. My config looks like
> this: [global]
>         security = ADS
>         workgroup = EXAMPLE
>         realm = EXAMPLE.LOCAL
> 
>         log file = /var/log/samba/%m.log
>         log level = 1
> 
>         # Default ID mapping configuration for local BUILTIN accounts
>         # and groups on a domain member. The default (*) domain:
>         # - must not overlap with any domain ID mapping configuration!
>         # - must use a read-write-enabled back end, such as tdb.
>         # - Adding just this is not enough
>         # - You must set a DOMAIN backend configuration, see below
>         idmap config * : backend = tdb
>         idmap config * : range = 3000-7999
>         idmap config EXAMPLE : backend = rid
>         idmap config EXAMPLE : range = 1000000 - 1999999
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind use default domain = yes
>         winbind refresh tickets = yes
>         template shell = /bin/bash
> 
>         vfs objects = acl_xattr
>         map acl inherit = yes
>         store dos attributes = yes
> 
>         acl allow execute always = yes
> 
> [profiles]
>         path = /home/EXAMPLE/profiles/
>         read only = no
> 
> But it doesn't work with this configuration.
It should.
> 
> Or does I need these lines also? I don't need a login of the
> domainusers.
> 
> # Template settings for login shell and home directory
> winbind nss info = template
> template shell = /bin/bash
> template homedir = /home/%U
You only need those lines for users to log into the Unix domain member.

Have you read this:

https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles

Rowland
> 
>

Yes I read it and made the permissions like this with windows ACLs. And
that is the reason, why I need help.
I'm also not sure if it is a SAMBA-problem. Any ideas?

2018-05-15 11:10 GMT+02:00 Rowland Penny via samba <samba at
lists.samba.org>:
> On Tue, 15 May 2018 10:53:26 +0200
> Michael Funke <maniac.macpain at gmail.com> wrote:
>
> > thank you, but it was only a copy/paste mistake. My config looks like
> > this: [global]
> >         security = ADS
> >         workgroup = EXAMPLE
> >         realm = EXAMPLE.LOCAL
> >
> >         log file = /var/log/samba/%m.log
> >         log level = 1
> >
> >         # Default ID mapping configuration for local BUILTIN accounts
> >         # and groups on a domain member. The default (*) domain:
> >         # - must not overlap with any domain ID mapping configuration!
> >         # - must use a read-write-enabled back end, such as tdb.
> >         # - Adding just this is not enough
> >         # - You must set a DOMAIN backend configuration, see below
> >         idmap config * : backend = tdb
> >         idmap config * : range = 3000-7999
> >         idmap config EXAMPLE : backend = rid
> >         idmap config EXAMPLE : range = 1000000 - 1999999
> >         winbind enum users = yes
> >         winbind enum groups = yes
> >         winbind use default domain = yes
> >         winbind refresh tickets = yes
> >         template shell = /bin/bash
> >
> >         vfs objects = acl_xattr
> >         map acl inherit = yes
> >         store dos attributes = yes
> >
> >         acl allow execute always = yes
> >
> > [profiles]
> >         path = /home/EXAMPLE/profiles/
> >         read only = no
> >
> > But it doesn't work with this configuration.
>
> It should.
>
> >
> > Or does I need these lines also? I don't need a login of the
> > domainusers.
> >
> > # Template settings for login shell and home directory
> > winbind nss info = template
> > template shell = /bin/bash
> > template homedir = /home/%U
>
> You only need those lines for users to log into the Unix domain member.
>
> Have you read this:
>
> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
>
> Rowland
>
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>