[Samba] Samba PDC problem
Nicola Murino
n.murino at theorematica.it
Tue Jul 12 14:48:51 GMT 2005
Sorry, I haven't seen this
thanks for help
Nicola
John H Terpstra ha scritto:
>On Tuesday 12 July 2005 01:50, Nicola Murino wrote:
>
>
>>My clients are windows xp sp2, however there is the same function:
>>
>>Start->Run->gpedit.msc
>>LocalComputerPolicy -> ComputerConfiguration
>>AdministrativeTemplates -> System -> User Profile -> Do not check for
>>user ownership of Roaming profiles set to enable
>>
>>now a basic PDC works :-),
>>
>>thanks
>>Nicola
>>
>>P.S. If this is a common problem (I have this issue with different samba
>>versions on different distributions) maybe would be a good idea insert
>>this issue in samba faq or in documentation such as samba by example or
>>other samba official doc (excuse me if it is already inserted)
>>
>>
>
>Please refer to the book, "The Official Samba-3 HOWTO and Reference Guide",
>second edition, Chapter 26, Section 26.2.2.3.
>
>This book is being printed and is due to be released at LinuxWorld San
>Francisco. You can obtain a PDF of it from:
>http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
>
>Cheers,
>John T.
>
>
>
>>Пустовалов Леонид Тимофеевич ha scritto:
>>
>>
>>>Hello Nicola,
>>>
>>>Monday, July 11, 2005, 8:16:16 PM, you wrote:
>>>
>>>if client = windows 2000
>>>try to Start -> Run -> gpedit.msc
>>>LocalComputerPolicy -> ComputerConfiguration ->
>>>AdministrativeTemplates -> System -> Logon -> Do not check for user
>>>ownership of Roaming profiles
>>>set to Enable
>>>
>>>NM> Hi all,
>>>
>>>NM> I'm trying to configure samba as PDC, I have a problem when windows
>>>NM> client log in this is the error:
>>>
>>>NM> Windows cannot load the profile and is logging you on with a temporary
>>>NM> profile. Changes you make to this profile will be lost when you log
>>>off
>>>
>>>NM> I have samba-3.0.11 and smbldap-tools-0.8.8. I tryed also samba-3.0.14
>>>NM> and smbldap-tools-0-9.1, I have the same problem on Gentoo and on
>>>Fedora NM> Core4
>>>
>>>NM> my configuration file
>>>
>>>NM> smb.conf:
>>>
>>>NM> [global]
>>>NM> workgroup = THEOREMATICA
>>>NM> netbios name = FERRARI
>>>NM> enable privileges = yes
>>>NM> interfaces = 10.88.77.201
>>>NM> bind interfaces only = yes
>>>NM> username map = /etc/samba/smbusers
>>>NM> server string = Samba PDC Server
>>>NM> hosts allow = 10.88.77.0/24 127.0.0.0/8
>>>NM> security = user
>>>NM> encrypt passwords = Yes
>>>NM> min passwd length = 3
>>>NM> obey pam restrictions = No
>>>NM> #unix password sync = Yes
>>>NM> #passwd program = /usr/sbin/smbldap-passwd -u %u
>>>NM> #passwd chat = "Changing password for*\nNew password*" %n\n
>>>NM> "*Retype new password*" %n\n"
>>>NM> ldap passwd sync = Yes
>>>NM> log level = 0
>>>NM> syslog = 0
>>>NM> log file = /var/log/samba/log.%m
>>>NM> max log size = 100000
>>>NM> time server = Yes
>>>NM> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>NM> mangling method = hash2
>>>NM> Dos charset = 850
>>>NM> Unix charset = ISO8859-1
>>>
>>>NM> logon script = STARTUP.BAT
>>>NM> #logon script =
>>>NM> #logon drive = H:
>>>NM> logon drive =
>>>NM> #logon home = \\%L\%U
>>>NM> logon home =
>>>NM> #logon path = \\%L\profiles\%U
>>>NM> logon path =
>>>
>>>NM> domain logons = Yes
>>>NM> #os level = 65
>>>NM> os level = 200
>>>NM> preferred master = Yes
>>>NM> domain master = Yes
>>>NM> wins support = Yes
>>>NM> name resolve order = wins lmhosts hosts bcast
>>>NM> dns proxy = no
>>>NM> passdb backend = ldapsam:ldap://127.0.0.1/
>>>NM> # passdb backend = ldapsam:"ldap://127.0.0.1/
>>>NM> ldap://slave.idealx.com"
>>>NM> # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>>>NM> ldap admin dn = cn=Manager,dc=theorematica,dc=it
>>>NM> ldap suffix = dc=theorematica,dc=it
>>>NM> ldap group suffix = ou=Groups
>>>NM> ldap user suffix = ou=Users
>>>NM> ldap machine suffix = ou=Computers
>>>NM> ldap idmap suffix = ou=Users
>>>NM> #ldap ssl = start tls
>>>NM> add user script = /usr/sbin/smbldap-useradd -m "%u"
>>>NM> ldap delete dn = Yes
>>>NM> #delete user script = /usr/sbin/smbldap-userdel "%u"
>>>NM> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>>>NM> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>>NM> #delete group script = /usr/sbin/smbldap-groupdel "%g"
>>>NM> add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
>>>"%g" NM> delete user from group script =
>>>/usr/sbin/smbldap-groupmod -x NM> "%u" "%g"
>>>NM> set primary group script = /usr/sbin/smbldap-usermod -g "%g"
>>>"%u"
>>>
>>>NM> # printers configuration
>>>NM> printer admin = @"Print Operators"
>>>NM> load printers = Yes
>>>NM> create mask = 0640
>>>NM> directory mask = 0750
>>>NM> nt acl support = No
>>>NM> printing = cups
>>>NM> printcap name = cups
>>>NM> deadtime = 10
>>>NM> guest account = nobody
>>>NM> map to guest = Bad User
>>>NM> dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>>>NM> show add printer wizard = yes
>>>NM> ; to maintain capital letters in shortcuts in any of the profile
>>>folders: NM> preserve case = yes
>>>NM> short preserve case = yes
>>>NM> case sensitive = no
>>>
>>>NM> [homes]
>>>NM> comment = Directory personale di %U, %u
>>>NM> read only = No
>>>NM> create mask = 0644
>>>NM> directory mask = 0775
>>>NM> browseable = No
>>>
>>>NM> [netlogon]
>>>NM> path = /var/lib/samba/netlogon
>>>NM> browseable = No
>>>NM> read only = yes
>>>
>>>NM> [doc]
>>>NM> path=/usr/share/doc
>>>NM> public=yes
>>>NM> writable=no
>>>NM> read only=no
>>>NM> create mask = 0750
>>>NM> guest ok = Yes
>>>
>>>NM> [profiles]
>>>NM> path = /var/lib/samba/profiles
>>>NM> writable = yes
>>>NM> create mask = 0600
>>>NM> directory mask = 0700
>>>NM> # browseable = no
>>>NM> # default case = lower
>>>NM> # preserve case = no
>>>NM> # short preserve case = no
>>>NM> # case sensitive = no
>>>NM> # hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>>>NM> # guest ok = no
>>>NM> #profile acls = Yes
>>>NM> # profile acls = No
>>>NM> # csc policy = disable
>>>NM> # next line is a great way to secure the profiles
>>>NM> # force user = %U
>>>NM> # next line allows administrator to access all profiles
>>>NM> #valid users = %U @"Domain Admins"
>>>NM> #valid users = %U
>>>NM> #root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e
>>>NM> $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi
>>>
>>>NM> I tryed most combinations of the commented options in profiles section
>>>
>>>NM> ls -la /var/lib/samba/profiles/
>>>NM> total 0
>>>NM> drwxr-x--- 4 root root 96 Jul 11 18:51 .
>>>NM> drwxr-xr-x 6 root root 144 Jun 23 21:16 ..
>>>NM> drwx------ 2 nicola Domain Users 48 Jul 11 18:20 nicola
>>>NM> drwx------ 2 test Domain Users 48 Jul 11 17:54 test
>>>
>>>NM> please some suggestions,
>>>
>>>NM> thanks
>>>NM> Nicola
>>>
>>>
>
>
>
More information about the samba
mailing list