[Samba] Re: Profile creation - thanks for the (lack) of help
Simo Sorce
simo.sorce at xsec.it
Fri May 31 07:11:28 GMT 2002
On Fri, 2002-05-31 at 15:15, Nathaniel N.Petersen wrote:
> Note that from the client's point of view security = domain is the same
> as security = user . It only affects how the server deals with the
> authentication, it does not in any way affect what the client sees.
>
> Since the systems are able to authenticate, this is not an issue.
I have yet not understood if your server is a PDC or not.
If it is, these 4 parameters MUST be set this way:
domain logons = yes
domain master = yes
security = user
encrypt password = yes
> > try a path with no leading '.'
> > logon path = \\student\homes\%u\ntprofile
>
> Even if you were correct, it worked before (and still is working
> elsewhere), it should work now.
I think this is not a problem.
> I thought about dealing with this diplomaticly - but enough is enough.
> There is nothing wrong with using the homes directories like I do. The
> lines refered to in the man pages simply don't recommend it. Well, if
> you have ever worked for a University, you would understand the amount
> of overhead involved. Creating essentially two account locations for
> evey user is ridiculous.
I have an my setup involved a simple [profile] share with 1777
permissions on it, and that's not a lot of work to do (I had more than
1000 users).
Recommendations exist for a purpose ... it's up to you to decide if they
match your case.
thinking a bit more in this case I think you may have 2 combined
problems:
1. the use of the home directory to store profiles
2. the use of letter Z to map the home directory
unfortunately I do not have handing any url, but I remember clearly that
with later clients (w2k, XP) there are problems with the Z drive.
In fact it is not available to be mapped until the user logged in and at
that point the profile thing is yet over!
It is not a samba problem, Microsoft changed it this way (can't remember
why).
So I would advice you do 2 things:
change the home drive letter or setup a profile share and change the
logon path directive.
> Furthermore, this PDC is set to "local master = no" for a reason.
> Election. I have 14 other colleges at this university that are NOT
> running Linux (yes, there are still people out there that use Windows).
> Windows PDC's have fits when this is set to yes. They lose out on
> elections. If set to false then nmbd will not attempt to become a
> local master browser on a subnet and will also lose in all browsing
> elections. With a class B subnet, this is a GOOD THING.
a class B NOT subnetted to C classes? That's should be a broadcast
nightmare ...
(if your server is not a PDc you should NOT made it be a domain master!,
local master should be ok, and would be better to use a wins server)
> And finally, as far as that whole '.a = patch' thing goes - NO SH!T.
> REALLY? Well, I'll be... I thought only M$ released patches.
> Seriously, I was trying (appearantly not hard enough) to make light of
> my supervisor's lack of knowledge about Samba (AND all the extra work
> it forced me to do). <sarcasm>Lord knows I would much rather be seen
> a fool by the Samba community.</sarcasm> This should never have been
> an issue.
?? you are stressed, take a breath
> I want to appologize to those of you who work tirelessly on the Samba
> project. I also want to thank the attempts at trying to help me. But,
> they were of ZERO aid. Nit-picking at these minor issues does not help
> me with the big picture. Just answer me this - If the windows systems
> are able to verify the domain and authenticate, why does the w2k system
> right corrupt profile data? If the NT system is able to create a
> profile, why can't it us it? That's it.
ok, let's try to stay tune and find the roots of your problems!
I do not know what you have made before and how much you get frustrated,
but 90% of users that ask for help generally have simple (!?)
configuration problems so the way I personally answered is my standard
first stage answer, no insulting were intended, and if so I apologize.
Simo.
--
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20020531/b3c7eae1/attachment.bin
More information about the samba
mailing list