[Samba] Samba PDC problem

Nicola Murino n.murino at theorematica.it
Tue Jul 12 14:48:51 GMT 2005


Sorry, I haven't seen this

thanks for help
Nicola


John H Terpstra ha scritto:

>On Tuesday 12 July 2005 01:50, Nicola Murino wrote:
>  
>
>>My clients are windows xp sp2, however there is the same function:
>>
>>Start->Run->gpedit.msc
>>LocalComputerPolicy -> ComputerConfiguration
>>AdministrativeTemplates -> System -> User Profile -> Do not check for
>>user ownership of Roaming profiles set to enable
>>
>>now a basic PDC works :-),
>>
>>thanks
>>Nicola
>>
>>P.S. If this is a common problem (I have this issue with different samba
>>versions on different distributions) maybe would be a good idea insert
>>this issue in samba faq or in documentation such as samba by example or
>>other samba official doc (excuse me if it is already inserted)
>>    
>>
>
>Please refer to the book, "The Official Samba-3 HOWTO and Reference Guide", 
>second edition, Chapter 26, Section 26.2.2.3.
>
>This book is being printed and is due to be released at LinuxWorld San 
>Francisco. You can obtain a PDF of it from:
>http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
>
>Cheers,
>John T.
>
>  
>
>>Пустовалов Леонид Тимофеевич ha scritto:
>>    
>>
>>>Hello Nicola,
>>>
>>>Monday, July 11, 2005, 8:16:16 PM, you wrote:
>>>
>>>if client = windows 2000
>>>try to Start -> Run -> gpedit.msc
>>>LocalComputerPolicy -> ComputerConfiguration ->
>>>AdministrativeTemplates -> System -> Logon -> Do not check for user
>>>ownership of Roaming profiles
>>>set to Enable
>>>
>>>NM> Hi all,
>>>
>>>NM> I'm trying to configure samba as PDC, I have a problem when windows
>>>NM> client log in this is the error:
>>>
>>>NM> Windows cannot load the profile and is logging you on with a temporary
>>>NM> profile. Changes you make to this profile will be lost when  you log
>>>off
>>>
>>>NM> I have samba-3.0.11 and smbldap-tools-0.8.8. I tryed also samba-3.0.14
>>>NM> and smbldap-tools-0-9.1, I have the same problem on Gentoo and on
>>>Fedora NM> Core4
>>>
>>>NM> my configuration file
>>>
>>>NM> smb.conf:
>>>
>>>NM> [global]
>>>NM>         workgroup = THEOREMATICA
>>>NM>         netbios name = FERRARI
>>>NM>         enable privileges = yes
>>>NM>         interfaces = 10.88.77.201
>>>NM>         bind interfaces only = yes
>>>NM>         username map = /etc/samba/smbusers
>>>NM>         server string = Samba PDC Server
>>>NM>         hosts allow = 10.88.77.0/24 127.0.0.0/8
>>>NM>         security = user
>>>NM>         encrypt passwords = Yes
>>>NM>         min passwd length = 3
>>>NM>         obey pam restrictions = No
>>>NM>         #unix password sync = Yes
>>>NM>         #passwd program = /usr/sbin/smbldap-passwd -u %u
>>>NM>         #passwd chat = "Changing password for*\nNew password*" %n\n
>>>NM> "*Retype new password*" %n\n"
>>>NM>         ldap passwd sync = Yes
>>>NM>         log level = 0
>>>NM>         syslog = 0
>>>NM>         log file = /var/log/samba/log.%m
>>>NM>         max log size = 100000
>>>NM>         time server = Yes
>>>NM>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>NM>         mangling method = hash2
>>>NM>         Dos charset = 850
>>>NM>         Unix charset = ISO8859-1
>>>
>>>NM>         logon script = STARTUP.BAT
>>>NM>         #logon script =
>>>NM>         #logon drive = H:
>>>NM>         logon drive =
>>>NM>         #logon home = \\%L\%U
>>>NM>         logon home =
>>>NM>         #logon path = \\%L\profiles\%U
>>>NM>         logon path =
>>>
>>>NM>         domain logons = Yes
>>>NM>         #os level = 65
>>>NM>         os level = 200
>>>NM>         preferred master = Yes
>>>NM>         domain master = Yes
>>>NM>         wins support = Yes
>>>NM>         name resolve order = wins lmhosts hosts bcast
>>>NM>         dns proxy = no
>>>NM>         passdb backend = ldapsam:ldap://127.0.0.1/
>>>NM>         # passdb backend = ldapsam:"ldap://127.0.0.1/
>>>NM> ldap://slave.idealx.com"
>>>NM>         # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>>>NM>         ldap admin dn = cn=Manager,dc=theorematica,dc=it
>>>NM>         ldap suffix = dc=theorematica,dc=it
>>>NM>         ldap group suffix = ou=Groups
>>>NM>         ldap user suffix = ou=Users
>>>NM>         ldap machine suffix = ou=Computers
>>>NM>         ldap idmap suffix = ou=Users
>>>NM>         #ldap ssl = start tls
>>>NM>         add user script = /usr/sbin/smbldap-useradd -m "%u"
>>>NM>         ldap delete dn = Yes
>>>NM>         #delete user script = /usr/sbin/smbldap-userdel "%u"
>>>NM>         add machine script = /usr/sbin/smbldap-useradd -w "%u"
>>>NM>         add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>>NM>         #delete group script = /usr/sbin/smbldap-groupdel "%g"
>>>NM>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
>>>"%g" NM>         delete user from group script =
>>>/usr/sbin/smbldap-groupmod -x NM> "%u" "%g"
>>>NM>         set primary group script = /usr/sbin/smbldap-usermod -g "%g"
>>>"%u"
>>>
>>>NM> # printers configuration
>>>NM>         printer admin = @"Print Operators"
>>>NM>         load printers = Yes
>>>NM>         create mask = 0640
>>>NM>         directory mask = 0750
>>>NM>         nt acl support = No
>>>NM>         printing = cups
>>>NM>         printcap name = cups
>>>NM>         deadtime = 10
>>>NM>         guest account = nobody
>>>NM>         map to guest = Bad User
>>>NM>         dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>>>NM>         show add printer wizard = yes
>>>NM> ; to maintain capital letters in shortcuts in any of the profile
>>>folders: NM>         preserve case = yes
>>>NM>         short preserve case = yes
>>>NM>         case sensitive = no
>>>
>>>NM> [homes]
>>>NM>         comment = Directory personale di %U, %u
>>>NM>         read only = No
>>>NM>         create mask = 0644
>>>NM>         directory mask = 0775
>>>NM>         browseable = No
>>>
>>>NM> [netlogon]
>>>NM>         path = /var/lib/samba/netlogon
>>>NM>         browseable = No
>>>NM>         read only = yes
>>>
>>>NM> [doc]
>>>NM>         path=/usr/share/doc
>>>NM>         public=yes
>>>NM>         writable=no
>>>NM>         read only=no
>>>NM>         create mask = 0750
>>>NM>         guest ok = Yes
>>>
>>>NM> [profiles]
>>>NM>         path = /var/lib/samba/profiles
>>>NM>         writable = yes
>>>NM>         create mask = 0600
>>>NM>         directory mask = 0700
>>>NM> #        browseable = no
>>>NM> #       default case = lower
>>>NM> #       preserve case = no
>>>NM> #       short preserve case = no
>>>NM> #       case sensitive = no
>>>NM> #       hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>>>NM> #        guest ok = no
>>>NM>         #profile acls = Yes
>>>NM> #        profile acls = No
>>>NM> #        csc policy = disable
>>>NM> # next line is a great way to secure the profiles
>>>NM> #        force user = %U
>>>NM> # next line allows administrator to access all profiles
>>>NM>         #valid users = %U @"Domain Admins"
>>>NM>         #valid users = %U
>>>NM>         #root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e
>>>NM> $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi
>>>
>>>NM> I tryed most combinations of the commented options in profiles section
>>>
>>>NM> ls -la /var/lib/samba/profiles/
>>>NM> total 0
>>>NM> drwxr-x---  4 root   root          96 Jul 11 18:51 .
>>>NM> drwxr-xr-x  6 root   root         144 Jun 23 21:16 ..
>>>NM> drwx------  2 nicola Domain Users  48 Jul 11 18:20 nicola
>>>NM> drwx------  2 test   Domain Users  48 Jul 11 17:54 test
>>>
>>>NM> please some suggestions,
>>>
>>>NM> thanks
>>>NM> Nicola
>>>      
>>>
>
>  
>



More information about the samba mailing list