Roaming profiles, permissions
Jason Todd
todd.4 at wright.edu
Wed Nov 22 21:08:38 GMT 2000
Hi, here are 3 questions I've been fighting with...
Background: I'm running Samba 2.0.7 on RedHat 7.0 (kernel 2.2.16-22smp).
This machine is set up as a "PDC" managing domain logons. All client
machines are NT 4, varying service packs but I think all are at least SP4,
and the problems below even occur on SP6.
1) Problem: Certain users get the message "could not find your profile,
contact your network administrator" or something like that, and they are
kicked right out after trying to log in. I check the Samba logs, and they
are showing connections to the appropriate shares (including the home
share). I peeked around in the registry, comparing the users' "profile
location" key with that of users experiencing no problems, and couldn't
find any discrepancies. However, in C:\WINNT\Profiles, for one problem
user in particular (and a few others), there are several "username.###"
and "username.###.bak" entries, with ### ranging from 000 upward. Maybe
that is a clue to the solution or cause.
2) Problem: I suspect this might be related to #1 above. My own
personal account on the domain will not let me change any HKLU registry
settings. I think other users are experiencing this one, too. In the
domain "logon.bat" file, I have
"NET USE x: \\MACHINENAME\SHARE /PERSISTENT:NO"
to map a few network drives. The /PERSISTENT:NO causes the command to
return an error about not being able to save a profile registry setting
(about saving drive connections). Other peculiarities:
2a) Logging in, I always get the stupid "Welcome to NT" window.
2b) I set a new wallpaper and click OK, it doesn't take.
2c) I set a new desktop color and click OK, it DOES take.
In addition, each client machine keeps listing an "DOMAIN\Account unknown"
in its user manager, permissions boxes, etc. I think it believes that
"Account Unknown" owns the registry, or at least the HKLU branch.
3) How-to: This one is much simpler, how do I map NT groups to UNIX
groups? I've heard rumors of a "domain group map" or similar parameter,
but seen no documentation on it or the format of the map file. I simply
want to create a UNIX group, such as "power" and then specify that each
user in that UNIX group will be a Power User on the NT domain. If this
can be done, I'd like to know how, or if it can't yet, that's fine (I
suppose :).
I know this is a lengthy message, but I've been trying to research those
questions for a while with no luck. Thanks to anyone who can provide good
info to me.
Jason Todd
More information about the samba-ntdom
mailing list