[Samba] 2.2.3a PDC Win2K Citrix Profiles

David Mulcahy david.mulcahy at eseol.co.uk
Mon Mar 11 12:48:03 GMT 2002


Hi

Dont quote me on this but I was/am experiencing exactly the same things and
these are some observations i have made.  Hopefully somebody with more
experience with samba may pick up on some of the following and correct me.

1. The cryptic chars in the Domain User Group is now fixed as of 2.2.4pre
2.  The Domain User Group and Domain Admin Groups are now obsolete in the
smb.conf (as of 2.2.1 I think)  Do these settings still work?
3.  I think If you use the %u macro the profile folder will be created with
the correct user.
4. Be very careful when testing profiles and certainly keep a backup.  I
deleted all my files and folders in user test when i logged on as test using
the following.  Using Win2k I may add.

domain admin group = test (I know - I didnt know it was obsolete either)
logon path = \\%L\%U

You might get away with logon path = \\%L\%u but frankly I have give up
trying.

Hope Some of that helps

Its confused the hell out of me.

David Mulcahy

>This weekend I upgraded SAMBA from 2.2.2 to 2.2.3a then made it the PDC on
>our LAN. Original PDC was an NT4 Server. There is a Win2K Server running
>Citrix Metaframe-XP, and the old NT4 PDC Server was replaced with another
>Win2K
>Server to be the Database Server. I didn't want to bother with setting Win2K
>up as a DNS and DFS/ADS Server (required for being a PDC), so selected to
>make SAMBA the PDC for simplicity, robustness, etc. - all the reasons why we
>love SAMBA! Read all HOW_TOs and perused the mailing list archives. Got both
>Win2K Servers to join Domain no problem.
>
>There are a few quirks I'd like to pass on:
>
>Domain Admins:
>
>Selecting 'Domain Admins' in any Win2K Folder Security for assignment
>returns an error 'Unable to lookup user names for display'. I have
>'Administrator' mapped to 'ntadmin' (Linux user with group root privileges)
>and in smb.conf 'domain admin group = ntadmin gkelley'.
>
>Domain Users:
>
>The display for Domain Users in any Win2K Folder Security for assignment
>shows 5 garbage characters so the name is unreadable and returns the same
>message as Domain Admins
>
>Win2K Profiles:
>
>The default profile type in Win2K is Roaming for each new user. If you set

'>logon path = \\SRVR\profiles\U%' and set [profiles] where dir mask = 0700,

>you get an error when logging in the Win2K user and the Profile Folder is
>not created (if user does not have admin rights). If I manually create the
>user's profile folder and chmod 0770 and chgrp <user> <user> so that the
>user's group (themself) has access then they can Login to Win2K and not get
>the error. Profile files are saved in their Profile Folder (and on the Win2K
>Server), and a WINDOWS\system folder is created in their SAMBA Home
>Folder with several files. If I change the dir mask to 0770 in the
>[profiles] share and remove the user profile folder, then the profile folder

i>s created correctly.

>If I change the Profile type on Win2K from Roaming to Local, then there are
>no files saved in their Profile Folder on SAMBA but is saved just on the
>Win2K Server and a WINDOWS\system folder is still created in their
>SAMBA Home Folder and contains several files. The Profile Folder is not
>created if it doesn't exist.
>
>This may be how Win2K intercts with SAMBA PDC, but the 0700 dir mask is
>wrong
>and a user's Profile Folder is created with user:root and group:<user> by
>default so 0700 would never allow the user access.
>
>If you remove 'logon path = ' and don't create a [profiles] share in
>smb.conf, you get the profiles saved in the user's Home Folder as a folder
>called 'profiles' if their profile type is Roaming.
>
>Rgds,

-------------------------------------------------------




More information about the samba mailing list