[Samba] user profil wipe in a samba 4 AD domain

Rowland Penny rowlandpenny at googlemail.com
Thu Jun 11 07:52:36 MDT 2015


On 11/06/15 14:12, joseph-andre Guaragna wrote:
> I look at your article, and it did not change my view about profile.
> As we did not use any roaming/mandatory profile, nor we have any
> redirection.
>
> the only roaming we have is dedicated to few users and we use NFS as
> they are under linux, and way more simpler to set up. Strangely we do
> not have problems with those profiles. Maybe I am in a situation were
> : "You can't see the wood for the trees" .
>
>
> Meilleures salutations / Best regards,
>
> Joseph-André GUARAGNA
> ingénieur Système et Réseau / Network and System engineer
>
>
>
> RD MACHINES-OUTILS
>
> 77, allée de l'Industrie  F-74130 CONTAMINE SUR ARVE
> Tel : +33 (0) 4 50 03 90 77    -   Fax :+33 (0) 4 50 03 66 79
> www.rdmo.com / www.rdmo-spare-parts.com
>
>
> 2015-06-11 14:40 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>> On 11/06/15 12:56, joseph-andre Guaragna wrote:
>>> OK for the local profiles. I got both of them one call joe and the
>>> other domain.joe.
>>> Saw it, no problem about that. I copied the data from local to domain one.
>>>
>>> The thing is that after few days the domain.joe was emptied. The joe
>>> did stay the same.
>>>
>>> And I do not get why the domain.joe got blanked (all data gone)
>>>
>>> Cheers for the help
>>>
>>> Meilleures salutations / Best regards,
>>>
>>> Joseph-André GUARAGNA
>>> ingénieur Système et Réseau / Network and System engineer
>>>
>>>
>>>
>>> RD MACHINES-OUTILS
>>>
>>> 77, allée de l'Industrie  F-74130 CONTAMINE SUR ARVE
>>> Tel : +33 (0) 4 50 03 90 77    -   Fax :+33 (0) 4 50 03 66 79
>>> www.rdmo.com / www.rdmo-spare-parts.com
>>>
>>>
>>> 2015-06-11 13:04 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>> On 11/06/15 11:28, joseph-andre Guaragna wrote:
>>>>> No they used to be in WORKGROUP.
>>>>>
>>>>> As we have an heterogeneous fleet 25 Linux and 7 windows 7. We decide
>>>>> to move a more centralised way of identifying our users.
>>>>>
>>>>> At first everything work then, we ran in the situation described below.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Meilleures salutations / Best regards,
>>>>>
>>>>> Joseph-André GUARAGNA
>>>>> ingénieur Système et Réseau / Network and System engineer
>>>>>
>>>>>
>>>>>
>>>>> RD MACHINES-OUTILS
>>>>>
>>>>> 77, allée de l'Industrie  F-74130 CONTAMINE SUR ARVE
>>>>> Tel : +33 (0) 4 50 03 90 77    -   Fax :+33 (0) 4 50 03 66 79
>>>>> www.rdmo.com / www.rdmo-spare-parts.com
>>>>>
>>>>>
>>>>> 2015-06-11 11:59 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>>>> On 11/06/15 10:13, joseph-andre Guaragna wrote:
>>>>>>> 2015-06-11 11:03 GMT+02:00 Rowland Penny
>>>>>>> <rowlandpenny at googlemail.com>:
>>>>>>>> On 11/06/15 08:09, joseph-andre Guaragna wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> We have set up an Active Directory using samba4 (Zentyal),
>>>>>>>>> everything
>>>>>>>>> seems to be all right tilll the point were user profile are wiped
>>>>>>>>> out.
>>>>>>>>
>>>>>>>> What do you mean by 'user profile are wiped out' ?
>>>>>>> I mean all user data wiped
>>>>>>>> Do you mean just one user is removed ?
>>>>>>> all user from the workstation
>>>>>>>> Or something else ?
>>>>>>>>
>>>>>>>> How is the 'wiping' being done ?
>>>>>>> the user's folder still exist but there is no data, it is like is
>>>>>>> recreated the whole profile
>>>>>>>>> We noticed when one of our linux uer tryed to connect to a windows
>>>>>>>>> workstation. It was allow so it juste created the user on the
>>>>>>>>> windows
>>>>>>>>> workstation. Few minutes later we realize that every domain account
>>>>>>>>> on
>>>>>>>>> the windows box were wiped, and the linux account also wiped.
>>>>>>>>
>>>>>>>> So the user can login but all other domain accounts on the PC have
>>>>>>>> gone,
>>>>>>>> Do
>>>>>>>> the domain Accounts still exist on the AD DC ?
>>>>>>> Yes the users still exists on the domain, and can still connect on any
>>>>>>> workstation they are supposed to.
>>>>>>>>
>>>>>>>>> We could not find any reason for that, nor explanation in the log, I
>>>>>>>>> may be missing something as I could not understand all the
>>>>>>>>> mechanisms
>>>>>>>>> involved.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> we use samba 4.0. and pbis 8.2 client on the linux boxes.
>>>>>>>>>
>>>>>>>> Rowland
>>>>>>>>
>>>>>>>>> Thanks for your help
>>>>>>>>>
>>>>>>>>>
>>>>>>>      Joseph GUARAGNA
>>>>>>
>>>>>> Taking this back on list where it belongs.
>>>>>>
>>>>>> I think I understand your problem now, but just a few questions to
>>>>>> confirm
>>>>>> what I am thinking.
>>>>>> Were your windows machines part of a domain before ?
>>>>>> If so, what type of domain ?
>>>>>> If there was a domain, what was the server ?
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>>
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>> Will you please not send posts directly to me, please reply to the list.
>>>>
>>>> OK, your answer confirms what I thought, your original profiles haven't
>>>> gone
>>>> away, they will still be there, but you cannot see them because they are
>>>> 'local' profiles and you are now using 'domain' profiles.
>>>>
>>>> i.e. local user joe is NOT the same user as DOMAIN\joe
>>>>
>>>>
>>>> Rowland
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>> I think you need to understand profiles a bit better, start here:
>> https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
>>
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

You are still thinking 'WORKGROUP', do you realise that your users can 
now log into *any* of your PCs, even your Unix users ?

You need to do a lot more reading, start here: 
https://msdn.microsoft.com/en-us/library/bb726990.aspx

And then try searching the internet with 'Active Directory profiles'

Rowland



More information about the samba mailing list