Profile creation - thanks for the (lack) of help

Simo Sorce simo.sorce at xsec.it
Fri May 31 07:11:01 GMT 2002


On Fri, 2002-05-31 at 15:15, Nathaniel N.Petersen wrote:
> Note that from the client's point of view security = domain is the same
> as security = user . It only affects how the server deals with the
> authentication, it does not in any way affect what the client sees.
> 
> Since the systems are able to authenticate, this is not an issue.


I have yet not understood if your server is a PDC or not.
If it is, these 4 parameters MUST be set this way:

domain logons = yes
domain master = yes
security = user
encrypt password = yes


> > try a path with no leading '.'
> >         logon path = \\student\homes\%u\ntprofile
> 
> Even if you were correct, it worked before (and still is working
> elsewhere), it should work now.

I think this is not a problem.

> I thought about dealing with this diplomaticly - but enough is enough.
> There is nothing wrong with using the homes directories like I do.  The
> lines refered to in the man pages simply don't recommend it.  Well, if
> you have ever worked for a University, you would understand the amount
> of overhead involved.  Creating essentially two account locations for
> evey user is ridiculous.

I have an my setup involved a simple [profile] share with 1777
permissions on it, and that's not a lot of work to do (I had more than
1000 users).
Recommendations exist for a purpose ... it's up to you to decide if they
match your case.

thinking a bit more in this case I think you may have 2 combined
problems:
1. the use of the home directory to store profiles
2. the use of letter Z to map the home directory

unfortunately I do not have handing any url, but I remember clearly that
with later clients (w2k, XP) there are problems with the Z drive.
In fact it is not available to be mapped until the user logged in and at
that point the profile thing is yet over!
It is not a samba problem, Microsoft changed it this way (can't remember
why).

So I would advice you do 2 things:
change the home drive letter or setup a profile share and change the
logon path directive.

> Furthermore, this PDC is set to "local master = no" for a reason.
> Election.  I have 14 other colleges at this university that are NOT
> running Linux (yes, there are still people out there that use Windows).
> Windows PDC's have fits when this is set to yes.  They lose out on
> elections.  If set to false then nmbd will not attempt to become a
> local master browser on a subnet and will also lose in all browsing
> elections.  With a class B subnet, this is a GOOD THING.

a class B NOT subnetted to C classes? That's should be a broadcast
nightmare ... 

(if your server is not a PDc you should NOT made it be a domain master!,
local master should be ok, and would be better to use a wins server)

> And finally, as far as that whole '.a = patch' thing goes - NO SH!T.
> REALLY?  Well, I'll be... I thought only M$ released patches.
> Seriously,  I was trying (appearantly not hard enough) to make light of 
> my supervisor's lack of knowledge about Samba (AND all the extra work 
> it forced me to do). <sarcasm>Lord knows I would much rather be seen 
> a fool by the Samba community.</sarcasm>  This should never have been 
> an issue.
?? you are stressed, take a breath

> I want to appologize to those of you who work tirelessly on the Samba
> project.  I also want to thank the attempts at trying to help me.  But,
> they were of ZERO aid.  Nit-picking at these minor issues does not help
> me with the big picture.  Just answer me this - If the windows systems
> are able to verify the domain and authenticate, why does the w2k system
> right corrupt profile data?  If the NT system is able to create a
> profile, why can't it us it?  That's it.

ok, let's try to stay tune and find the roots of your problems!

I do not know what you have made before and how much you get frustrated,
but 90% of users that ask for help generally have simple (!?)
configuration problems so the way I personally answered is my standard
first stage answer, no insulting were intended, and if so I apologize.

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20020531/b3c7eae1/attachment.bin


More information about the samba-technical mailing list