[Samba] samba4 profiles problems

Rob Verduijn rob.verduijn at gmail.com
Fri Nov 1 11:56:22 MDT 2013 

Hello,

Thank you for your help.
Having tried your solution, I can say it does not work with a samba4 DC.

(A lot) More googling yielded the solution :

Install the ad management tools on a windows client,
See here for instructions:
https://wiki.samba.org/index.php/Samba_AD_management_from_windows

Join the windows pc to the samba ad domain.

I've found a samba4 howto which was very helpfull,
 the magic is you have to issue the 'net rpc rights grant' command
mentioned in here:
https://wiki.samba.org/index.php/Setup_and_configure_file_shares

Set the share rights (using windows) as described in this page:
https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
Also set the global group policy as described.
Note: if you put the profiles folder in a subfolder of the
samba/sysvol folder your security rights will look a lot more
different from the ones in the example.

Create a new user in the ad (using the windows ad management tools again).
Log in as the user.

This is my smb.conf
Note the fact that there are only 3 lines for the profiles share. (and
all the others as wel)
You no longer manager that stuff with the smb.conf, it's in the registry now.

I've created the Profiles folder with the default permission, user and group:
permissions 755
user : root
group : root

#Global parameters
[global]
        workgroup = TJAKO
        realm = TJAKO.THUIS
        netbios name = SAMBA2
        server role = active directory domain controller
        dns forwarder = 172.16.1.13
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/tjako.thuis/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[Profiles]
        path = /home/Profiles
        read only = No

Rob

2013/10/30 steve <steve at steve-ss.com>:
> On Wed, 2013-10-30 at 11:38 +0100, Rob Verduijn wrote:
>
>>
>> [Profiles]
>>         path = /var/lib/samba/sysvol/Profiles
>>         read only = no
>>
>> Anybody who can help me out ?
>> Rob
>
>
> Hi
> If you want to do it via smb.conf then this works OK on a Samba4 file
> server:
>
> [profiles]
> path = /home/profiles
> read only = No
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
> browseable = No
> guest ok = No
> printable = No
> profile acls = Yes
> csc policy = disable
>
> /home/profiles is root:root 1777
> Not sure about serving the profiles from a DC though.
>
> Are you sure that your Domain Users can get at:
> path = /var/lib/samba/sysvol/Profiles
>
> Don't forget to set the profile path with either with samba-tool,
> ldbmodify or using windows ADUC. The latter may be the easier way:
> http://linuxcostablanca.blogspot.com.es/2012/02/s4-profiles.html
>
> HTH
> Steve
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list