Roaming profiles, permissions

Jason Todd todd.4 at wright.edu
Wed Nov 22 21:08:38 GMT 2000 

Hi, here are 3 questions I've been fighting with...

Background:  I'm running Samba 2.0.7 on RedHat 7.0 (kernel 2.2.16-22smp).
This machine is set up as a "PDC" managing domain logons.  All client
machines are NT 4, varying service packs but I think all are at least SP4,
and the problems below even occur on SP6.

1)  Problem:  Certain users get the message "could not find your profile,
contact your network administrator" or something like that, and they are
kicked right out after trying to log in.  I check the Samba logs, and they
are showing connections to the appropriate shares (including the home
share).  I peeked around in the registry, comparing the users' "profile
location" key with that of users experiencing no problems, and couldn't
find any discrepancies.  However, in C:\WINNT\Profiles, for one problem
user in particular (and a few others), there are several "username.###"
and "username.###.bak" entries, with ### ranging from 000 upward.  Maybe
that is a clue to the solution or cause.

2)  Problem:  I suspect this might be related to #1 above.  My own
personal account on the domain will not let me change any HKLU registry
settings.  I think other users are experiencing this one, too.  In the
domain "logon.bat" file, I have
	"NET USE x: \\MACHINENAME\SHARE /PERSISTENT:NO"
to map a few network drives.  The /PERSISTENT:NO causes the command to
return an error about not being able to save a profile registry setting
(about saving drive connections).  Other peculiarities:
	2a) Logging in, I always get the stupid "Welcome to NT" window.
	2b) I set a new wallpaper and click OK, it doesn't take.
	2c) I set a new desktop color and click OK, it DOES take.
In addition, each client machine keeps listing an "DOMAIN\Account unknown"
in its user manager, permissions boxes, etc.  I think it believes that
"Account Unknown" owns the registry, or at least the HKLU branch.

3)  How-to:  This one is much simpler, how do I map NT groups to UNIX
groups?  I've heard rumors of a "domain group map" or similar parameter,
but seen no documentation on it or the format of the map file.  I simply
want to create a UNIX group, such as "power" and then specify that each
user in that UNIX group will be a Power User on the NT domain.  If this
can be done, I'd like to know how, or if it can't yet, that's fine (I
suppose  :).

I know this is a lengthy message, but I've been trying to research those
questions for a while with no luck.  Thanks to anyone who can provide good
info to me.

Jason Todd

More information about the samba-ntdom mailing list