[Samba] Samba PDC problem

Nicola Murino n.murino at theorematica.it
Tue Jul 12 08:32:17 GMT 2005


My clients are Windows XP SP2, however there is the same function:

Start->Run->gpedit.msc
LocalComputerPolicy -> ComputerConfiguration
AdministrativeTemplates -> System -> User Profile -> Do not check for
user ownership of Roaming profiles set to enable

now a basic PDC works :-),

thanks
Nicola

P.S. If this is a common problem (I have this issue with different Samba
versions on different distributions), maybe it would be a good idea to insert
this issue in the Samba FAQ or in documentation such as Samba by Example or
other official Samba docs (excuse me if it is already inserted).

Пустовалов Леонид Тимофеевич wrote:

>Hello Nicola,
>
>Monday, July 11, 2005, 8:16:16 PM, you wrote:
>
>if client = windows 2000
>try to Start -> Run -> gpedit.msc
>LocalComputerPolicy -> ComputerConfiguration ->
>AdministrativeTemplates -> System -> Logon -> Do not check for user
>ownership of Roaming profiles
>set to Enable
>
>NM> Hi all,
>
>NM> I'm trying to configure samba as PDC, I have a problem when windows
>NM> client log in this is the error:
>
>NM> Windows cannot load the profile and is logging you on with a temporary
>NM> profile. Changes you make to this profile will be lost when  you log off
>
>NM> I have samba-3.0.11 and smbldap-tools-0.8.8. I tried also samba-3.0.14
>NM> and smbldap-tools-0-9.1, I have the same problem on Gentoo and on Fedora
>NM> Core4
>
>NM> my configuration file
>
>NM> smb.conf:
>
>NM> [global]
>NM>         workgroup = THEOREMATICA
>NM>         netbios name = FERRARI
>NM>         enable privileges = yes
>NM>         interfaces = 10.88.77.201
>NM>         bind interfaces only = yes
>NM>         username map = /etc/samba/smbusers
>NM>         server string = Samba PDC Server
>NM>         hosts allow = 10.88.77.0/24 127.0.0.0/8
>NM>         security = user
>NM>         encrypt passwords = Yes
>NM>         min passwd length = 3
>NM>         obey pam restrictions = No
>NM>         #unix password sync = Yes
>NM>         #passwd program = /usr/sbin/smbldap-passwd -u %u
>NM>         #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
>NM>         ldap passwd sync = Yes
>NM>         log level = 0
>NM>         syslog = 0
>NM>         log file = /var/log/samba/log.%m
>NM>         max log size = 100000
>NM>         time server = Yes
>NM>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>NM>         mangling method = hash2
>NM>         Dos charset = 850
>NM>         Unix charset = ISO8859-1
>
>NM>         logon script = STARTUP.BAT
>NM>         #logon script =
>NM>         #logon drive = H:
>NM>         logon drive =
>NM>         #logon home = \\%L\%U
>NM>         logon home =
>NM>         #logon path = \\%L\profiles\%U
>NM>         logon path =
>
>NM>         domain logons = Yes
>NM>         #os level = 65
>NM>         os level = 200
>NM>         preferred master = Yes
>NM>         domain master = Yes
>NM>         wins support = Yes
>NM>         name resolve order = wins lmhosts hosts bcast
>NM>         dns proxy = no
>NM>         passdb backend = ldapsam:ldap://127.0.0.1/
>NM>         # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
>NM>         # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>NM>         ldap admin dn = cn=Manager,dc=theorematica,dc=it
>NM>         ldap suffix = dc=theorematica,dc=it
>NM>         ldap group suffix = ou=Groups
>NM>         ldap user suffix = ou=Users
>NM>         ldap machine suffix = ou=Computers
>NM>         ldap idmap suffix = ou=Users
>NM>         #ldap ssl = start tls
>NM>         add user script = /usr/sbin/smbldap-useradd -m "%u"
>NM>         ldap delete dn = Yes
>NM>         #delete user script = /usr/sbin/smbldap-userdel "%u"
>NM>         add machine script = /usr/sbin/smbldap-useradd -w "%u"
>NM>         add group script = /usr/sbin/smbldap-groupadd -p "%g"
>NM>         #delete group script = /usr/sbin/smbldap-groupdel "%g"
>NM>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>NM>         delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>NM>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>
>NM> # printers configuration
>NM>         printer admin = @"Print Operators"
>NM>         load printers = Yes
>NM>         create mask = 0640
>NM>         directory mask = 0750
>NM>         nt acl support = No
>NM>         printing = cups
>NM>         printcap name = cups
>NM>         deadtime = 10
>NM>         guest account = nobody
>NM>         map to guest = Bad User
>NM>         dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>NM>         show add printer wizard = yes
>NM> ; to maintain capital letters in shortcuts in any of the profile folders:
>NM>         preserve case = yes
>NM>         short preserve case = yes
>NM>         case sensitive = no
>
>NM> [homes]
>NM>         comment = Directory personale di %U, %u
>NM>         read only = No
>NM>         create mask = 0644
>NM>         directory mask = 0775
>NM>         browseable = No
>
>NM> [netlogon]
>NM>         path = /var/lib/samba/netlogon
>NM>         browseable = No
>NM>         read only = yes
>
>NM> [doc]
>NM>         path=/usr/share/doc
>NM>         public=yes
>NM>         writable=no
>NM>         read only=no
>NM>         create mask = 0750
>NM>         guest ok = Yes
>
>NM> [profiles]
>NM>         path = /var/lib/samba/profiles
>NM>         writable = yes
>NM>         create mask = 0600
>NM>         directory mask = 0700
>NM> #        browseable = no
>NM> #       default case = lower
>NM> #       preserve case = no
>NM> #       short preserve case = no
>NM> #       case sensitive = no
>NM> #       hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>NM> #        guest ok = no
>NM>         #profile acls = Yes
>NM> #        profile acls = No
>NM> #        csc policy = disable
>NM> # next line is a great way to secure the profiles
>NM> #        force user = %U
>NM> # next line allows administrator to access all profiles
>NM>         #valid users = %U @"Domain Admins"
>NM>         #valid users = %U
>NM>         #root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi
>
>NM> I tried most combinations of the commented options in profiles section
>
>NM> ls -la /var/lib/samba/profiles/
>NM> total 0
>NM> drwxr-x---  4 root   root          96 Jul 11 18:51 .
>NM> drwxr-xr-x  6 root   root         144 Jun 23 21:16 ..
>NM> drwx------  2 nicola Domain Users  48 Jul 11 18:20 nicola
>NM> drwx------  2 test   Domain Users  48 Jul 11 17:54 test
>
>NM> please some suggestions,
>
>NM> thanks
>NM> Nicola
>
>
>
>  
>
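
Added example (not part of the original posts): the policy named above stops the Windows client from checking who owns the roaming profile folder, so this sketch checks on the server that each directory under the profiles path is owned by its user with mode 0700, which is what the commented `root preexec` line would create. `audit_profiles` is a hypothetical helper name, and the assumption that each directory is named after its account comes from the `ls -la` listing in the quoted message.

```shell
#!/bin/sh
# Added example: audit a Samba roaming-profile root such as the
# /var/lib/samba/profiles path in the quoted smb.conf.
# audit_profiles is a hypothetical helper, not a Samba tool.

# Prints one line per problem directory: "<name>: <reason>".
# Returns 0 when every profile directory passes, 1 otherwise.
audit_profiles() {
    root=$1
    bad=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue      # empty root: the glob did not match
        dir=${dir%/}
        name=${dir##*/}
        # ls -ldn prints the mode string (field 1) and numeric owner uid (field 3)
        set -- $(ls -ldn "$dir")
        mode=$1
        owner_uid=$3
        # Assumption: the directory name is the account name (%u in smb.conf)
        want_uid=$(id -u "$name" 2>/dev/null) || want_uid=
        if [ -z "$want_uid" ]; then
            echo "$name: no such account"
            bad=1
        elif [ "$owner_uid" != "$want_uid" ]; then
            echo "$name: owned by uid $owner_uid, expected $want_uid"
            bad=1
        fi
        # Same mode the commented root preexec uses (mkdir -pm700)
        case $mode in
            drwx------*) ;;
            *) echo "$name: mode $mode, expected drwx------"; bad=1 ;;
        esac
    done
    return $bad
}

# Run against the path from the quoted smb.conf when called with "run".
if [ "${1:-}" = "run" ]; then
    audit_profiles /var/lib/samba/profiles
fi
```
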



