[Samba] Samba4 roaming profiles & ownership of profile.V2 folders [RESOLVED]

Sat Jul 4 17:59:03 UTC 2015

Could you try giving domain users rwx control of profile folder this way:

setfacl -m g:users:rwx
On Jul 4, 2015 1:53 PM, "Gary Dale" <garydale at torfree.net> wrote:

> On 04/07/15 04:22 AM, Rowland Penny wrote:
>
>> On 04/07/15 00:58, Gary Dale wrote:
>>
>>> On 03/07/15 01:21 PM, Rowland Penny wrote:
>>>
>>>> On 03/07/15 17:45, Gary Dale wrote:
>>>>
>>>>> On 03/07/15 02:44 AM, Gary Dale wrote:
>>>>>
>>>>>> I've got roaming profiles for one account on a Debian/Jessie AD DC
>>>>>> server but I can't get them to work for the other accounts. The differences
>>>>>> are that the one account is also a Linux account in the AD DC and is in the
>>>>>> Domain Admins group. The other accounts were created with ADUC on a Windows
>>>>>> 7 machine logged in as the Domain Admins user just mentioned. They are
>>>>>> Domain Users but not Admins and have no corresponding Linux account.
>>>>>>
>>>>>> I got that one account to work by taking ownership of its profile
>>>>>> directory. However Windows 7 currently only offers me two choices for
>>>>>> accounts that can take ownership of a profile directory (Domain Admins and
>>>>>> that one account are both listed. Other accounts are not in the
>>>>>> creator/owner tab).
>>>>>>
>>>>>> I've given Domain User full control of the profile folders but that
>>>>>> doesn't seem to be good enough to get the profiles to be loaded and saved
>>>>>> (the Linux permissions are 777).
>>>>>>
>>>>>> And yes, Ive set profile for each user using the Windows MMC plugin.
>>>>>>
>>>>>> Any ideas on what I'm missing?
>>>>>>
>>>>>
>>>>> Further to above, I added one of the user accounts to the Domain
>>>>> Admins but still couldn't get a roaming profile to work for it.
>>>>>
>>>>
>>>> Hi, have a look here:
>>>> https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
>>>>
>>>> Rowland
>>>>
>>>
>>> Thanks. I'd been trying that without success. The section on using ACLs
>>> doesn't work in my case for some reason.
>>>
>>>
>> The 'reason' is probably why profiles don't work.
>>
>> Are you doing this on a DC or a member server ? on a DC I get this:
>>
>> root at dc01:~# getent group "domain admins"
>> EXAMPLE\Domain Admins:*:10002:
>>
>> and on a member server:
>>
>> rowland at ThinkPad ~ $ getent group "domain admins"
>> domain_admins:x:10002:s4admin,rowland,administrator
>>
>> I have RFC2307 attributes in AD and winbind set up on both.
>>
>
> I get nothing when I run the command on the AD DC. There are currently no
> member servers.
>
> I followed the instructions at
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO and did include the
> --use-rfc2307. The only change I made was it doesn't actually mention
> installing kerberos but I found it necessary when I got to the configure
> kerberos section.
>
> According to the wiki, I don't have to do any winbind config, although
> they don't recommend using a DC as a file server due to some problems with
> winbind. Unfortunately I only have the one server in this location.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>