[Samba] temporary profiles problem - don't want roaming profiles
Jeff Dickens
jeff at seamanpaper.com
Wed Oct 17 12:40:27 MDT 2012
Apparently my problem is a bad combination of mystifying and uninteresting
:-) since I've not had a reply.
Can anyone maybe suggest how to debug this? How can I find out what name
it's looking for when it gets "The network name cannot be found" ?
Is it true that I should be able to have a Samba-3 Domain without roaming
profiles by just specifying
logon path =
logon home =
in smb.conf and not providing any *sambaProfilePath* attribute in LDAP ?
On Fri, Oct 5, 2012 at 5:42 PM, Jeff Dickens <jeff at seamanpaper.com> wrote:
> I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two
> remote sites, I have some Samba BDCs.
>
> For now I've manually entered the DCs as WINS servers on the workstations
> I'm using for testing. At the remote sites, I can log in with an account
> that has no logon path or logon home specified, and it works perfectly.
> But at the main site, when I try to log on to one of these accounts I get
> first get the "can't find the server copy of the roaming profile" and then
> "can't find the local profile logging you in with a temporary profile"
> errors. I can't figure this one out. I'm using the same account, and the
> samba setups are nearly identical - just one is a BDC and one a PDC.
>
> This is smb.conf on the PDC:
>
> [global]
> workgroup = SEAMANPAPER
> server string = %h server (Samba, Ubuntu)
> map to guest = Bad User
> obey pam restrictions = Yes
> passdb backend = ldapsam:ldap://localhost
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> smb ports = 137 138 139 445
> name resolve order = wins bcast hosts
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
> delete user script = /usr/sbin/smbldap-userdel '%u'
> add group script = /usr/sbin/smbldap-groupadd -p '%g'
> delete group script = /usr/sbin/smbldap-groupdel '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
> '%g'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
> logon path =
> logon home =
> domain logons = Yes
> os level = 65
> domain master = Yes
> dns proxy = No
> wins support = Yes
> ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap passwd sync = yes
> ldap suffix = dc=intranet,dc=seamanpaper,dc=com
> ldap ssl = no
> ldap user suffix = ou=People
> panic action = /usr/share/samba/panic-action %d
> idmap config * : range = 1000000-1999999
> idmap config * : backend = ldap
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
>
> [profiles]
> comment = Windows Profiles
> path = /home/samba/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
> store dos attributes = Yes
> browseable = No
> csc policy = disable
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> guest ok = Yes
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
> and on the BDC:
>
>
> [global]
> workgroup = SEAMANPAPER
> server string = %h server (Samba, Ubuntu)
> map to guest = Bad User
> obey pam restrictions = Yes
> passdb backend = ldapsam:ldap://localhost
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> smb ports = 137 138 139 445
> name resolve order = wins bcast hosts
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
> delete user script = /usr/sbin/smbldap-userdel '%u'
> add group script = /usr/sbin/smbldap-groupadd -p '%g'
> delete group script = /usr/sbin/smbldap-groupdel '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
> '%g'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
> logon path =
> logon home =
> domain logons = Yes
> os level = 65
> domain master = No
> dns proxy = No
> wins proxy = Yes
> wins server = 192.168.10.127
> ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap passwd sync = yes
> ldap suffix = dc=intranet,dc=seamanpaper,dc=com
> ldap ssl = no
> ldap user suffix = ou=People
> panic action = /usr/share/samba/panic-action %d
> idmap config * : range = 1000000-1999999
> idmap config * : backend = ldap
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
>
> [profiles]
> comment = Windows Profiles
> path = /home/samba/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
> store dos attributes = Yes
> browseable = No
> csc policy = disable
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> guest ok = Yes
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
>
> Also notice that my account (which has a roaming profile and works fine at
> all sites) has a "sambaProfilePath" attribute and the boris and rpoole
> accounts don't. This should make them no-roaming-profile accounts but it
> doesn't work consistently. It works at the two satellite sites but not at
> my main site.
>
> root at grackle:~# ldapsearch -W -D
> cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://
> grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com
> "(uid=*jeff*)" | grep Path
> Enter LDAP Password:
> sambaHomePath: \\wilkins1\home
> *sambaProfilePath: \\wilkins1\home\.winProfile*
> root at grackle:~#
>
> root at grackle:~# ldapsearch -W -D
> cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://
> grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com
> "(uid=*boris*)" | grep Path
> Enter LDAP Password:
> sambaHomePath: \\wilkins1\home
>
> root at grackle:~# ldapsearch -W -D
> cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://
> grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com
> "(uid=*rpoole*)" | grep Path
> Enter LDAP Password:
> sambaHomePath: \\wilkins1\home
>
>
>
> --
> * Jeff Dickens*
> IT Manager 978-632-1513
>
>
>
--
* Jeff Dickens*
IT Manager 978-632-1513
More information about the samba
mailing list