[Samba] Users, home directories and profiles

Enrico Morelli morelli at cerm.unifi.it
Tue Jun 30 12:43:58 UTC 2020 

On Tue, 30 Jun 2020 12:00:32 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Read :
> https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-3.3-samba-member-fileserver-rights-example.txt 
> 
> This Still works for buster and other samba versions ( im now running
> 4.12.x ) for my servers. 
> 
> For your profiles; Add : acl_xattr:ignore system acl = yes in
> smb.conf on the share where you need it. 
> 
> Make/set the needed base rigths FROM WITHIN Linux then first
> configure the share FROM WITHIN Windows and while your logged in as
> DOM\Administrator. And then FROM WITHIN Windows set the needed rights
> on through security tab. 
> 
> Done, dont touch it again from linux ( use getfacl to backup the
> rights )
> 
> Because only windows will use profiles and you simple have a better
> match in ACL's I do the same for users, but thats a choice. 
> 
> I've started on my new server and im writing out the steps, takes
> some time.. 
> 


I tried to follow your guide, but when I open the shared from the
Windows client I've two problem:

1) I'm unable to create a folder under users because Windows say that
I've no permission to do that (my user is in the Administrator group)
2) when I try to open Security tab the window crash

> 
> > > > In the windows log events I've the following error:
> > > > the processing of Group Policy failed. Windows could not   
> > resolve the  
> > > > user name. This could be caused by one of more of the
> > > > following : a) Name Resolution failure on the current domain
> > > > controller b) Active Directory Replication Latency
> > > >   
> About this, enable Wait for Network in windows. 
> Its a GPO. 
> 
> This should get you where you need to be. 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> > Enrico Morelli via samba
> > Verzonden: dinsdag 30 juni 2020 11:41
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Users, home directories and profiles
> > 
> > On Thu, 25 Jun 2020 14:14:46 +0200
> > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> >   
> > > On Tue, 23 Jun 2020 14:56:57 +0200
> > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > >   
> > > > On Tue, 23 Jun 2020 12:37:16 +0200
> > > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > > >     
> > > > > On Mon, 22 Jun 2020 13:54:38 +0100
> > > > > Rowland penny via samba <samba at lists.samba.org> wrote:
> > > > >       
> > > > > > On 22/06/2020 13:50, Enrico Morelli wrote:        
> > > > > > > On Mon, 22 Jun 2020 11:46:55 +0100
> > > > > > > Rowland penny via samba <samba at lists.samba.org> wrote:
> > > > > > >          
> > > > > > >> On 22/06/2020 11:33, Enrico Morelli wrote:          
> > > > > > >>> [global]
> > > > > > >>> 	dns forwarder = 150.217.1.32
> > > > > > >>> 	netbios name = FIORGEN7
> > > > > > >>> 	realm = CERM.UNIFI.IT
> > > > > > >>> 	server role = active directory domain controller
> > > > > > >>> 	workgroup = CERM
> > > > > > >>> 	idmap_ldb:use rfc2307 = yes
> > > > > > >>> 	vfs objects = acl_xattr
> > > > > > >>> 	map acl inherit = yes          
> > > > > > >> Remove the last two lines, they have no place on a   
> > DC and in  
> > > > > > >> fact you have turned off one of the required vfs
> > > > > > >> objects.          
> > > > > > > Done.
> > > > > > >          
> > > > > > >>> [homes]
> > > > > > >>> 	path = /home/win_shares/homes
> > > > > > >>> 	read only = no          
> > > > > > >> I would rename [homes] to [users], [homes] is a   
> > special share  
> > > > > > >> that does not require the 'path' parameter and   
> > normally uses  
> > > > > > >> the users Unix directory path and you are using a Windows
> > > > > > >> user home directory path.          
> > > > > > > Done.
> > > > > > >
> > > > > > > All seems to be hard. Now I'm able to see security tab,
> > > > > > > but when I select it the application crash.
> > > > > > >
> > > > > > > I tried to set profile but when I open Active   
> > Directory Users  
> > > > > > > and Computers I receive: Naming information cannot   
> > be located  
> > > > > > > for the following reason: The server is not operational.
> > > > > > >
> > > > > > > :-((
> > > > > > >
> > > > > > >          
> > > > > > Firewall or Apparmor or Selinux getting in the way ?
> > > > > > 
> > > > > > Rowland
> > > > > > 
> > > > > > 
> > > > > >         
> > > > > 
> > > > > I updated Windows 10 to the latest update, removed the   
> > Windows PC  
> > > > > from the domain and putted it again.
> > > > > 
> > > > > Now Active Directory Users and Computers doesn't start.
> > > > > 
> > > > > I'm unable to use Computer Management to perform the   
> > steps to set  
> > > > > home directories because it crashes.
> > > > > 
> > > > > I tried to set the homes using File explorer, going to   
> > the shared  
> > > > > resources and creating the home directory but I receive that I
> > > > > haven't permission to create a folder
> > > > > under /home/win_shares/users.
> > > > > 
> > > > > Before I added my account to Unix Admins and Domain Admins. 
> > > > > 
> > > > > I set log level to 10 but I'm unable to see if there is issues
> > > > > scrolling thousand of lines.
> > > > > 
> > > > > I don't know what fish to catch anymore :-((
> > > > >       
> > > > 
> > > > In the windows log events I've the following error:
> > > > the processing of Group Policy failed. Windows could not   
> > resolve the  
> > > > user name. This could be caused by one of more of the
> > > > following : a) Name Resolution failure on the current domain
> > > > controller b) Active Directory Replication Latency
> > > > 
> > > >     
> > > 
> > > 
> > > No ideas?
> > > 
> > > 
> > >   
> > 
> > At the end I'll to abandon samba :-((
> > I'm really sad
> > 
> > -- 
> > -----------------------------------------------------------
> >   Enrico Morelli
> >   System Administrator | Programmer | Web Developer
> > 
> >   CERM - Polo Scientifico
> >   via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
> > ------------------------------------------------------------
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> >   
> 
> 



-- 
-----------------------------------------------------------
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
------------------------------------------------------------

More information about the samba mailing list