[Samba] RE: Roaming Profile, LDAP, samba PDC/(pseudo)BDC, and nt acl support
Adam Fairhall
Adam.Fairhall at opus.co.nz
Wed Mar 27 16:44:02 GMT 2002
I've done some further testing, cutting down the smb.conf file to the
bare minimum, and now only have a single pdc. With ldap it is still
necessary to ctrl-alt-del before you can log out, shut down, etc.
properly. If you don't, you end up with a blank screen and have to hit
ctrl-alt-del and use the Windows Security Settings popup to log out,
shut down or reboot.
The first time you hit ctrl-alt-del nothing seems to happen; the popup
doesn't appear. This particular problem doesn't appear to be related at
all to profiles.
If I switch to using a non-ldap compiled samba (and remove the ldap
lines from the smb.conf file) everything starts working smoothly. I
took the log level up to 256 in both ldap and non-ldap versions and have
the logs available, but since they're 1.5MB and 0.9MB respectively
(compressed) I'll offer to forward them on to individuals rather than
post them to the list.
In addition, if you have ldap configured and 'map hidden' & 'map system'
set to 'yes', you have the same problem and workaround as appears in
the README.Win2kSP2 file, i.e. you need to set 'nt acl support = no' for
the profile share. As soon as you stop using ldap it no longer matters.
As far as environment goes the only things left that I could see
affecting this are the versions we are using.
Samba 2.2.3a
Kernel 2.2.19 (debian potato)
OpenLDAP 2.0.18
The simplified smb.conf (with a couple of substitutions):
[global]
workgroup = OPUS.CO.NZ
netbios name = <hostname>
encrypt passwords = Yes
log level = 1
log file = /var/samba/log.%m
load printers = No
domain admin group = root, @onv7
logon path = \\%N\profile\%U
logon drive = z:
domain logons = Yes
preferred master = True
domain master = True
wins support = Yes
ldap server = <ldapserver>
ldap port = 389
ldap suffix = <base dn>
ldap admin dn = <root dn>
ldap ssl = no
lock dir = /var/samba/locks
NIS homedir = Yes
read only = No
[homes]
comment = homedrive of %U
browseable = No
[profile]
comment = User Profiles
path = /var/samba/profile
create mask = 0770
directory mask = 0770
nt acl support = No
browseable = No
And just in case, from the slapd.conf file:
#######################################################################
# access control
#######################################################################
defaultaccess read
access to attrs=lmPassword,ntPassword
by dn=<root dn> write
by * none
access to filter=(mailentry=no)
by * none
access to attr=userpasswd
by * compare
access to dn=<base dn>
by self write
by * read
Thanks
Adam
:->