Not quite 4 years ago I replaced our office SBS 2008 server with Samba4. I added Group Policies one of which was for Redirected Folders. I created a new GPO, "HPRS Groups" and did Edit > User Configuration > Policies > Windows Settings > Folder Redirection > right-click on Documents > Properties > Target = Settings Basic - Redirect everyone's folder to the same location; Target folder location: Create a folder for each user under the root; Root Path: \\mail.hprs.local. I repeated for Desktop, Start Menu and Favorites. The group policy was enabled for 'Authenticated Users'. After doing that, when a user logged into their own or another domain workstation with the new Samba4 AD/DC they got their redirected desktop, as expected. In July, 2016 I added a new user to the system. When she logged in on her Windows 7 workstation (which was already a domain member) she got her new redirected desktop as expected. Over the past month I have installed new Windows 7 work stations for 3 of the existing users. When I logged into the workstation as that user I DID NOT have their redirected desktops. The properties > Location of their Desktop file pointed to C:\Users\username\Desktop. Likewwise with 'My Documents' and 'Favorites'. I had to manually change these to point to \\mail.hprs.local\Users\username\Desktop. Also, when a current user now logs into a different workstation in the office they do not get their desktop like they used to. Does anyone know if something has changed with the way Samba4 deal with Group Policies since mid-2016? I'm at loss as to how to track down this problem. I believe I was on Samba 4.1.17 in mid-2016 and am now on 4.4.16, which is the current version for my Slackware 14.2 distro. THX --Mark
Hai Mark, Yes, i know this problem. Check the following. I use samba with AD backend. When i create a new users ( copy from other ), the user profile and homedir settings are copyied. In form of \\QFDN\users\%username% At the copy moment, the user folder is created. Now im setting UID/GIDs for the user, up2here its all working fine. When i now login with this users, i have the same, no folder redirections. When i remove the user folder, and reappy it again from RSAT, but now with the UID/GID set, Redirections work fine. If i create a new users, set this UID/GID first, and then set the profile/user folders it works fine. Can you try if this works for you also? Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mark > Foley via samba > Verzonden: woensdag 25 april 2018 4:17 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Are some Group Policies broken? > > Not quite 4 years ago I replaced our office SBS 2008 server > with Samba4. I added Group > Policies one of which was for Redirected Folders. I created > a new GPO, "HPRS Groups" and did > Edit > User Configuration > Policies > Windows Settings > > Folder Redirection > right-click on > Documents > Properties > Target = Settings Basic - Redirect > everyone's folder to the same > location; Target folder location: Create a folder for each > user under the root; Root Path: > \\mail.hprs.local. I repeated for Desktop, Start Menu and > Favorites. The group policy was > enabled for 'Authenticated Users'. > > After doing that, when a user logged into their own or > another domain workstation with the new > Samba4 AD/DC they got their redirected desktop, as expected. > > In July, 2016 I added a new user to the system. When she > logged in on her Windows 7 > workstation (which was already a domain member) she got her > new redirected desktop as expected. > > Over the past month I have installed new Windows 7 work > stations for 3 of the existing users. > When I logged into the workstation as that user I DID NOT > have their redirected desktops. The > properties > Location of their Desktop file pointed to > C:\Users\username\Desktop. Likewwise > with 'My Documents' and 'Favorites'. I had to manually change > these to point to > \\mail.hprs.local\Users\username\Desktop. Also, when a > current user now logs into a different > workstation in the office they do not get their desktop like > they used to. > > Does anyone know if something has changed with the way Samba4 > deal with Group Policies since > mid-2016? I'm at loss as to how to track down this problem. > > I believe I was on Samba 4.1.17 in mid-2016 and am now on > 4.4.16, which is the current version > for my Slackware 14.2 distro. > > THX --Mark > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Louis - thanks for this response. Unbeknownst to me my mail filter was not working and I've seen your message only today. I'm still struggling with this problem and have not found any answers yet. I'm interested in trying your solution, but need a bit of clarification. You wrote:> When i remove the user folder, and reappy it again from RSAT, but now with the UID/GID set, > Redirections work fine.Our users' redirected folder physically reside on \\ADDC\redirectedFolders\Users\username and have subfolders 'Desktop', 'Favorites' and 'My Documents', per the policy. Which user folder(s) are you saying you deleted? /redirectedFolders/Users/username, or one or all of the subfolders only? I assume you preserved the contents somewhere? When you say, "reappy it again from RSAT", from where are you doing this? Group Policy Management? What do you mean by "reapply"? Do you remove and recreate the Policy? Thanks for any help you can provide. I'm delaying adding a new domain member to the domain until I can get this solved. THX -- Mark On Wed, 25 Apr 2018 09:31:53 +0200 L.P.H. van Belle wrote:> > Hai Mark, > > Yes, i know this problem. > > Check the following. > > I use samba with AD backend. > When i create a new users ( copy from other ), the user profile and homedir settings are copyied. > In form of \\QFDN\users\%username% > > At the copy moment, the user folder is created. Now im setting UID/GIDs for the user, up2here its all working fine. > When i now login with this users, i have the same, no folder redirections. > > When i remove the user folder, and reappy it again from RSAT, but now with the UID/GID set, > Redirections work fine. > > If i create a new users, set this UID/GID first, and then set the profile/user folders it works fine. > > Can you try if this works for you also? > > > Greetz, > > Louis > > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mark > > Foley via samba > > Verzonden: woensdag 25 april 2018 4:17 > > Aan: samba at lists.samba.org > > Onderwerp: [Samba] Are some Group Policies broken? > > > > Not quite 4 years ago I replaced our office SBS 2008 server > > with Samba4. I added Group > > Policies one of which was for Redirected Folders. I created > > a new GPO, "HPRS Groups" and did > > Edit > User Configuration > Policies > Windows Settings > > > Folder Redirection > right-click on > > Documents > Properties > Target = Settings Basic - Redirect > > everyone's folder to the same > > location; Target folder location: Create a folder for each > > user under the root; Root Path: > > \\mail.hprs.local. I repeated for Desktop, Start Menu and > > Favorites. The group policy was > > enabled for 'Authenticated Users'. > > > > After doing that, when a user logged into their own or > > another domain workstation with the new > > Samba4 AD/DC they got their redirected desktop, as expected. > > > > In July, 2016 I added a new user to the system. When she > > logged in on her Windows 7 > > workstation (which was already a domain member) she got her > > new redirected desktop as expected. > > > > Over the past month I have installed new Windows 7 work > > stations for 3 of the existing users. > > When I logged into the workstation as that user I DID NOT > > have their redirected desktops. The > > properties > Location of their Desktop file pointed to > > C:\Users\username\Desktop. Likewwise > > with 'My Documents' and 'Favorites'. I had to manually change > > these to point to > > \\mail.hprs.local\Users\username\Desktop. Also, when a > > current user now logs into a different > > workstation in the office they do not get their desktop like > > they used to. > > > > Does anyone know if something has changed with the way Samba4 > > deal with Group Policies since > > mid-2016? I'm at loss as to how to track down this problem. > > > > I believe I was on Samba 4.1.17 in mid-2016 and am now on > > 4.4.16, which is the current version > > for my Slackware 14.2 distro. > > > > THX --Mark > > > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
In order to get help using a more up-to-date version of Samba, I've just upgraded from 4.4.16 to 4.8.2. So far, nothing new seems to be broken, but I still have to track down some issues I've been having. First off, I notice that something has changed with my BUILTIN\administrators ID. before, I had, e.g.:> ls -l/var/lib/samba/sysvol/hprs.local/policies/\{B78D19CB-914B-48F4-AA63-FD8708A553D7\}/Machine/ total 16 drwxrwx--- 3 BUILTIN\administrators users 4096 2014-09-13 03:22 Microsoft/ -rwxrwx--- 1 root users 958 2014-09-13 04:01 Registry.po* -rwxrwx--- 1 BUILTIN\administrators users 958 2014-09-13 04:01 Registry.pol* drwxrwx--- 4 BUILTIN\administrators users 4096 2014-09-13 03:22 Scripts/ Now, with 4.8.2, doing the same ls gives me:> ls -l/var/lib/samba/sysvol/hprs.local/policies/\{B78D19CB-914B-48F4-AA63-FD8708A553D7\}/Machine/ total 16 drwxrwx--- 3 3000000 users 4096 2014-09-13 03:22 Microsoft/ -rwxrwx--- 1 root users 958 2014-09-13 04:01 Registry.po* -rwxrwx--- 1 3000000 users 958 2014-09-13 04:01 Registry.pol* drwxrwx--- 4 3000000 users 4096 2014-09-13 03:22 Scripts/ Is this a problem? Why would that user now be missing? What should I do about this? THX --Mark
On Tue, 12 Jun 2018 16:53:30 -0400 Mark Foley via samba <samba at lists.samba.org> wrote:> In order to get help using a more up-to-date version of Samba, I've > just upgraded from 4.4.16 to 4.8.2. So far, nothing new seems to be > broken, but I still have to track down some issues I've been having. > > First off, I notice that something has changed with my > BUILTIN\administrators ID. before, I had, e.g.: > > > ls -l > /var/lib/samba/sysvol/hprs.local/policies/\{B78D19CB-914B-48F4-AA63-FD8708A553D7\}/Machine/ > total 16 > drwxrwx--- 3 BUILTIN\administrators users 4096 2014-09-13 03:22 > Microsoft/ -rwxrwx--- 1 root users 958 2014-09-13 > 04:01 Registry.po* -rwxrwx--- 1 BUILTIN\administrators users 958 > 2014-09-13 04:01 Registry.pol* drwxrwx--- 4 BUILTIN\administrators > users 4096 2014-09-13 03:22 Scripts/ > > Now, with 4.8.2, doing the same ls gives me: > > > ls -l > /var/lib/samba/sysvol/hprs.local/policies/\{B78D19CB-914B-48F4-AA63-FD8708A553D7\}/Machine/ > total 16 > drwxrwx--- 3 3000000 users 4096 2014-09-13 03:22 Microsoft/ > -rwxrwx--- 1 root users 958 2014-09-13 04:01 Registry.po* > -rwxrwx--- 1 3000000 users 958 2014-09-13 04:01 Registry.pol* > drwxrwx--- 4 3000000 users 4096 2014-09-13 03:22 Scripts/ > > Is this a problem? Why would that user now be missing? What should I > do about this? > > THX --Mark >3000000 is very probably Administrators, has libnss_winbind etc been updated ? Rowland
Imo, this is a left over of an old bug, just remove the file Registry.po imo, i'll bet its never used. The computer looks for Registry.pol not Registry.po.> -rwxrwx--- 1 root users 958 2014-09-13 04:01 Registry.po* > -rwxrwx--- 1 3000000 users 958 2014-09-13 04:01 Registry.pol*Look at the date 2014, and i do remember something about this. But... What does getfacl say about these files/folders Or get my script: https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-set-sysvol.sh And see if there is something wrong here in you SID/UID mappins The script does not apply settings by default it only check and creates a file with the acl. So you can review it. And post you smb.conf that helps, really. You updated from 4.4 to 4.8, thats a big step. I have summerices the smb.conf changes, i suggest review it carefully again. http://downloads.van-belle.nl/samba4/Upgrade-info.txt Or https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) The complete list. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: woensdag 13 juni 2018 8:33 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Admin UID changed with upgrade to 4.8.2 > > On Tue, 12 Jun 2018 16:53:30 -0400 > Mark Foley via samba <samba at lists.samba.org> wrote: > > > In order to get help using a more up-to-date version of Samba, I've > > just upgraded from 4.4.16 to 4.8.2. So far, nothing new seems to be > > broken, but I still have to track down some issues I've been having. > > > > First off, I notice that something has changed with my > > BUILTIN\administrators ID. before, I had, e.g.: > > > > > ls -l > > > /var/lib/samba/sysvol/hprs.local/policies/\{B78D19CB-914B-48F4 > -AA63-FD8708A553D7\}/Machine/ > > total 16 > > drwxrwx--- 3 BUILTIN\administrators users 4096 2014-09-13 03:22 > > Microsoft/ -rwxrwx--- 1 root users 958 2014-09-13 > > 04:01 Registry.po* -rwxrwx--- 1 BUILTIN\administrators users 958 > > 2014-09-13 04:01 Registry.pol* drwxrwx--- 4 BUILTIN\administrators > > users 4096 2014-09-13 03:22 Scripts/ > > > > Now, with 4.8.2, doing the same ls gives me: > > > > > ls -l > > > /var/lib/samba/sysvol/hprs.local/policies/\{B78D19CB-914B-48F4 > -AA63-FD8708A553D7\}/Machine/ > > total 16 > > drwxrwx--- 3 3000000 users 4096 2014-09-13 03:22 Microsoft/ > > -rwxrwx--- 1 root users 958 2014-09-13 04:01 Registry.po* > > -rwxrwx--- 1 3000000 users 958 2014-09-13 04:01 Registry.pol* > > drwxrwx--- 4 3000000 users 4096 2014-09-13 03:22 Scripts/ > > > > Is this a problem? Why would that user now be missing? What should I > > do about this? > > > > THX --Mark > > > > 3000000 is very probably Administrators, has libnss_winbind etc been > updated ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >