[Samba] 2.2.3a PDC Win2K Citrix Profiles

Greg Kelley gkelley at londavia.com
Mon Mar 11 05:33:03 GMT 2002


This weekend I upgraded SAMBA from 2.2.2 to 2.2.3a then made it the PDC on
our LAN. Original PDC was an NT4 Server. There is a Win2K Server running
Citrix Metaframe-XP, and the old NT4 PDC Server was replaced with another
Win2K
Server to be the Database Server. I didn't want to bother with setting Win2K
up as a DNS and DFS/ADS Server (required for being a PDC), so selected to
make SAMBA the PDC for simplicity, robustness, etc. - all the reasons why we
love SAMBA! Read all HOW_TOs and perused the mailing list archives. Got both
Win2K Servers to join Domain no problem.

There are a few quirks I'd like to pass on:

Domain Admins:

Selecting 'Domain Admins' in any Win2K Folder Security for assignment
returns an error 'Unable to lookup user names for display'. I have
'Administrator' mapped to 'ntadmin' (Linux user with group root privileges)
and in smb.conf 'domain admin group = ntadmin gkelley'.

Domain Users:

The display for Domain Users in any Win2K Folder Security for assignment
shows 5 garbage characters so the name is unreadable and returns the same
message as Domain Admins.

Win2K Profiles:

The default profile type in Win2K is Roaming for each new user. If you set
'logon path = \\SRVR\profiles\U%' and set [profiles] where dir mask = 0700,
you get an error when logging in the Win2K user and the Profile Folder is
not created (if user does not have admin rights). If I manually create the
user's profile folder and chmod 0770 and chgrp <user> <user> so that the
user's group (themself) has access then they can Login to Win2K and not get
the error. Profile files are saved in their Profile Folder (and on the Win2K
Server), and a WINDOWS\system folder is created in their SAMBA Home
Folder with several files. If I change the dir mask to 0770 in the
[profiles] share and remove the user profile folder, then the profile folder
is created correctly.

If I change the Profile type on Win2K from Roaming to Local, then there are
no files saved in their Profile Folder on SAMBA but is saved just on the
Win2K Server and a WINDOWS\system folder is still created in their
SAMBA Home Folder and contains several files. The Profile Folder is not
created if it doesn't exist.

This may be how Win2K intercts with SAMBA PDC, but the 0700 dir mask is
wrong
and a user's Profile Folder is created with user:root and group:<user> by
default so 0700 would never allow the user access.

If you remove 'logon path = ' and don't create a [profiles] share in
smb.conf, you get the profiles saved in the user's Home Folder as a folder
called 'profiles' if their profile type is Roaming.

Rgds,

________________________
Greg Kelley, IT Director
Londavia, Inc. and
Britannic Aviation UK
Pease Int'l Tradeport
68 New Hampshire Ave.
Portsmouth, NH  03801
603.766.3005
http://www.londavia.com
http://www.britannicaviation.com
SSA, EAA, AOPA
CFII SEL,MEL; Comm Glider
N5506M @ KDAW






More information about the samba mailing list