[Samba] Roaming Profiles with Samba PDC
Scott Millhisler
sjmlistread at sjm.net
Tue Mar 11 01:03:54 GMT 2003
First of all, I would like to thank you for your prompt reply.
Unfortunately you lost me on a couple of issues and I am hoping that you can clarify them.
We exchanged:
>> # User profile path
>> logon path = \\%N\home\%u\ntprofile
>
>Suggest you try:
>
> logon path = \\%L\home\%U\ntprofile
>
>Make absolutely sure that the directory 'ntprofile' exists (and is
>writable) - BEFORE - the user logs on.
>
>A MUCH better suggestion is to put profiles in a 'profiles' share, that is
>the way it is done in MS Windows land. It allows you to set more suitable
>smb.conf parameters for profile handling for the shared resource for which
>it may be needed.
>
>In this case you would have a share like:
>
>[Profiles]
> comment = Roaming Profile Share
> path = /var/lib/samba/profiles
> read only = No
> profile acls = Yes
>
>and the following to match it:
>
> logon path = \\%L\Profiles\%U
In this exchange you indicate that it would be better to have a 'profiles' share, contrasting it to my global definition of logon path. I am not sure if you saw it or not, but in my original message there was a profiles share defined at the end. It did differ from yours in that the path pointed to the same as I have used in the global area.
I created a profiles directory under the samba directory as indicated above. Do I need to create subdirectories in that profiles directory for all of the users before they logon or will Windows create the subdirectories as needed during a user's first logon?
Also, you wrote to set my logon path to \\%L\Profiles\%U to match 'it'. What 'it' are you referring to? Should this logon path be set in the profiles share definitions or the global, thus replacing the one I have there now? I currently do not have a profiles directory off of root, which is where I assume that would be referring to, but I can certainly create one. Either that, or do I totally misunderstand the usage of %L?
---------- Original Message ----------------------------------
From: John H Terpstra <jht at samba.org>
Date: Mon, 10 Mar 2003 18:36:31 +0000 (GMT)
>On Mon, 10 Mar 2003, Scott Millhisler wrote:
>
>> I have been working on this problem for quite some time now and have not
>> been able to find the solution.
>
>Please see comments below.
>
>- John T.
>
>>
>> I have Samba running on Debian Linux 3.0 (Woody) as a primary domain
>> controller. From my Windows 2000 desktop I am able to browse that Linux
>> server with Windows Explorer.
>>
>> My biggest problem is trying to log in to that domain. Under Windows
>> 2000 I am able to join the domain (sjmlinux) but after I restart the
>> Windows desktop and attempt to log in to that domain, Windows gives me a
>> message like, "cannot create profile directory
>> \\servername\profiledirectory.pds". It then proceeds to assign me a
>> generic profile that cannot be updated.
>>
>> The profile directory has fairly liberal write access so the Windows
>> machine should have sufficient rights to create or delete any files or
>> directories it deems necessary. One, of many, things I do not
>> understand is where the .pds suffix that the message indicates is coming
>> from. It certainly is not what I have defined for the profile directory
>> in smb.conf and it is not something that I have seen before.
>>
>> I have seen some documents that referred to creating a policy file
>> (*.pol) with the Windows server policy editor tool. However, I
>> understand profiles to be much more than a single file and that they are
>> actually a directory structure that contains everything from desktop colors to your
>> recent files list. Under Windows 2000 this is essentially what you see
>> in your subdirectory of the Documents and Settings folder.
>>
>> I am sure that somebody must have seen this issue before as I have seen
>> reference to it in the archives; I had just never seen what the solution
>> is. Below is a snippet of my smb.conf file that I believe would contain
>> the pertinent information.
>>
>> [global]
>>
>> # Change this for the workgroup/NT-domain name your Samba server will part of
>> workgroup = sjmlinux
>> netbios name = sjmpdc
>>
>> # server string is the equivalent of the NT Description field
>> server string = %h server (Samba %v)
>>
>> guest account = nobody
>> invalid users = root
>>
>> # This tells Samba to use a separate log file for each machine
>> # that connects
>> log file = /var/log/samba/log.%m
>>
>> # Put a capping on the size of the log files (in Kb).
>> max log size = 1000
>>
>> # We want Samba to log a minimum amount of information to syslog. Everything
>> # should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
>> # through syslog you should set the following parameter to something higher.
>> syslog = 0
>>
>> # "security = user" is always a good idea. This will require a Unix account
>> # in this server for every user accessing the server. See
>> # security_level.txt for details.
>> security = user
>>
>> # You may wish to use password encryption. Please read ENCRYPTION.txt,
>> # Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
>> # option unless you have read those documents
>> encrypt passwords = true
>>
>> # Support Domain logins
>> domain logons = true
>>
>> # Admin group (temp solution)
>> domain admin group = @staff
>>
>>
>> # Where is the user's home directory and what is the drive
>> logon drive = H:
>> logon home = \\%N\home\%u\pchome
>
>Suggest you set this to:
>
> logon home = \\%L\home\%U\pchome
>
>Again making sure that the directory 'pchome' exists and is writable.
>
>> # User profile path
>> logon path = \\%N\home\%u\ntprofile
>
>Suggest you try:
>
> logon path = \\%L\home\%U\ntprofile
>
>Make absolutely sure that the directory 'ntprofile' exists (and is
>writable) - BEFORE - the user logs on.
>
>A MUCH better suggestion is to put profiles in a 'profiles' share, that is
>the way it is done in MS Windows land. It allows you to set more suitable
>smb.conf parameters for profile handling for the shared resource for which
>it may be needed.
>
>In this case you would have a share like:
>
>[Profiles]
> comment = Roaming Profile Share
> path = /var/lib/samba/profiles
> read only = No
> profile acls = Yes
>
>and the following to match it:
>
> logon path = \\%L\Profiles\%U
>>
>> # Specify a generic logon script for all users
>> # this is a relative **DOS** path to the [netlogon] share
>> logon script = logon.bat
>>
>> # Most people will find that this option gives better performance.
>> # See speed.txt and the manual pages for details
>> # You may want to add the following on a Linux system:
>> # SO_RCVBUF=8192 SO_SNDBUF=8192
>> socket options = TCP_NODELAY
>>
>> # set local master to no if you don't want Samba to become a master
>> # browser on your network. Otherwise the normal election rules apply
>> local master = yes
>>
>> # OS Level determines the precedence of this server in master browser
>> # elections. The default value should be reasonable
>> os level = 64
>>
>> domain master = yes
>> preferred master = yes
>>
>> wins support = yes
>>
>> # This will prevent nmbd to search for NetBIOS names through DNS.
>> dns proxy = no
>>
>> # Name mangling options
>> preserve case = yes
>>
>> unix password sync = true
>>
>> # Some defaults for winbind (make sure you're not using the ranges
>> # for something else.)
>> winbind uid = 10000-20000
>> winbind gid = 10000-20000
>> template shell = /bin/bash
>>
>> #======================= Share Definitions =======================
>>
>> [homes]
>> comment = Home Directories
>> browseable = yes
>>
>> # By default, the home directories are exported read-only. Change next
>> # parameter to 'yes' if you want to be able to write to them.
>> writable = yes
>>
>> # File creation mask is set to 0700 for security reasons. If you want to
>> # create files with group=rw permissions, set next parameter to 0775.
>> create mask = 0775
>>
>> # Directory creation mask is set to 0700 for security reasons. If you want to
>> # create dirs. with group=rw permissions, set next parameter to 0775.
>> directory mask = 0775
>>
>> valid users = %u
>> guest ok = no
>> path = /home/%u/pchome
>>
>> # Un-comment the following and create the netlogon directory for Domain Logons
>> # (you need to configure Samba to act as a domain controller too.)
>> [netlogon]
>> comment = Network Logon Service
>> path = /home/samba/netlogon
>> guest ok = yes
>> writable = no
>> share modes = no
>> write list = @staff
>>
>> # Share for User's profiles
>> [profiles]
>> path = /home/%u/ntprofile
>> writable = yes
>> directory mode = 0700
>> create mode = 0600
>>
>> ----------------
>> Sincerely,
>>
>> Scott Millhisler
>> SJM Computer Consulting
>>
>>
>
>--
>John H Terpstra
>Email: jht at samba.org
>
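
Added example, not part of the original thread and not Samba's own tooling: one way to follow the quoted advice that the profile directory must exist and be writable before the user logs on, for the [Profiles] layout where \\%L\Profiles\%U refers to a per-user directory under the share's path. The function names and the PROFILE_ROOT variable are assumptions of this sketch; the 0700 mode follows the "directory mode" in the original [profiles] share.

```shell
#!/bin/sh
# Added example (not from the thread): pre-create per-user roaming profile
# directories under the [Profiles] share path before first logon.
# PROFILE_ROOT and all function names are assumptions of this sketch.
PROFILE_ROOT="${PROFILE_ROOT:-/var/lib/samba/profiles}"

# Accept only plain account names so a name cannot escape the share root.
valid_username() {
    case "$1" in
        ''|.|..|-*) return 1 ;;          # empty, dot entries, option-like
        *[!A-Za-z0-9._-]*) return 1 ;;   # slashes, backslashes, spaces, ...
    esac
    return 0
}

# Server-side directory that \\%L\Profiles\%U refers to for user $1.
profile_dir() {
    valid_username "$1" || return 1
    printf '%s/%s\n' "$PROFILE_ROOT" "$1"
}

# Create the directory with owner-only access and print its path.
provision_profile() {
    dir=$(profile_dir "$1") || { echo "rejected user name: $1" >&2; return 1; }
    if [ -L "$dir" ]; then               # never follow a planted symlink
        echo "refusing symlink: $dir" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    # Ownership can only be handed over by root, and only to a real account.
    if [ "$(id -u)" -eq 0 ] && id "$1" >/dev/null 2>&1; then
        chown "$1" "$dir" || return 1
    fi
    printf '%s\n' "$dir"
}

# Octal mode of a path (GNU stat first, BSD stat as fallback).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage: sh provision_profiles.sh alice bob
for user in "$@"; do
    provision_profile "$user"
done
```

Run as root so that each directory is handed to its owner; without root the directories are created but remain owned by the invoking account.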