Samba4 AD up and running

Marc Muehlfeld samba at marc-muehlfeld.de
Mon Feb 11 11:17:12 MST 2013 

Am 10.02.2013 23:17, schrieb Paul Macdonnell:
>> 2. Can you access the \\server\profiles share from windows (or by smbclient)?
>
> Yes, I can.  From both.
> I see nothing from either client.  But that's because there's nothing
> in the server directory, too.
>
>> 3. Can you access \\server\profiles\%Username% from windows?
>
> No.  It comes back with the error message:
> Windows cannot find \\server\profiles\paul.  Check the spelling and
> try again, or try searching ...."

That's normal, because you said, that \\server\profiles is currently 
empty. Then it of course you can't enter into a non-existend 'paul' 
folder, either.





>> 4. Can you place a file in \\server\profiles\%Username%?

See above.




> No.  But if change the permissions on var/profiles/ to 1777 (same
> var/spool) I AM able to create files in \\server\profiles.
> # ls -dl var/profiles/
> drwxrwxrwt 3 root root 4096 2013-02-11 07:37 profiles/

I currently have my profiles on a 3.6.x server. My profiles folder has 
the permissions 2770 and belongs to group "Domain Users". In my smb.conf 
I have also this options set:
         force create mode = 0600
         directory mode = 0700
This allows all of 'domain users', to create a folder on the share, and 
the two smb.conf options make sure, that nobody else comes in. But I 
haven't tested, if this still works on 4.x, too. Shares on 4.x you can 
fully configure by windows, so this maybe doesn't work any more.





> However, if I try all of this with the domain name, instead of the
> server name, it all fails.
> In my ADUC, I have the domain name.  I'm changing over to the server
> name and see how this goes.
> Yep, I changed over to:
> \\server\profiles\%USERNAME% (replacing with the appropriate username)
> and it all works.
> # ls -l var/profiles/
> total 64
> drwxrwxrwx+ 3 3000000 users  4096 2013-02-11 07:42 New Folder
> drwxrwxrwx+ 2 3000000 users  4096 2013-02-11 07:58 New folder (2)
> drwxrwx---+ 2 3000020 users  4096 2013-02-11 08:13 paul.V2
> -rwxrwxrwx+ 1 3000000 users 34652 2008-04-14 19:00 README.HTM
>
> What is the difference between accessing the shares with the server
> name, rather than the domain name?
> Is there a preferred method?

What the difference is in this case, I can't tell you. But I think using 
the domain name instead of the profile server name here, isn't a good 
idea. If you have just one DC, it shouldn't matter if it would work at 
all. But if you have multiple, you have to ensure, that the profiles 
have to be replicated to all others.



Regards,
Marc

More information about the samba-technical mailing list