[Samba] Roaming profiles cannot be used fully unless a member
of "Domain Admins"
Craig White
craigwhite at azapple.com
Sat Apr 8 05:01:26 GMT 2006
On Fri, 2006-04-07 at 20:36 -0700, sh test wrote:
> Hello!
>
> This is my setup
>
> Using 3.0.14a-3sarge on Deb.
>
> This is my smb.conf file
> ----------------------------------------
> # Global parameters
> [global]
> workgroup = MYWORKGROUP
> server string = Samba Server
> obey pam restrictions = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> #turn this on for loggin purposes
> #log level = 4
> log file = /var/log/samba/%m.log
> max log size = 0
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false \
> -d /dev/null %u
> logon path = \\%L\profiles\%u
> logon drive = H:
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> wins support = Yes
> hosts allow = 192.168.
> ;--000000000000000000000000000000000000000
> ;--keep this options disabled
> ;--since they generate a lot of disk space
> ;--000000000000000000000000000000000000000
> ;recyclebin options
> #recycle:exclude = *.tmp *.temp *.o *.obj ~$*
> #recycle:keeptree = True
> #recycle:touch = True
> #recycle:versions = True
> #recycle:noversions = .doc|.xls|.ppt
> #recycle:repository = %u's_network_Recycle_Bin
> #recycle:maxsize = 10000000
> create mask = 0777
> directory mask = 0777
> #vfs objects = recycle
> [homes]
> comment = Home Directories
> read onfiltered= No
> create mask = 0664
> directory mask = 0775
> invalid users = mp3
> [Shared]
> comment = Miscellaneous Shared Files
> read onfiltered= No
> create mask = 0664
> directory mask = 0775
> path = /home/samba/Shared
> invalid users = mp3
>
> [tmp]
> comment = Temporary Share
> path = /tmp
> read onfiltered= No
> invalid users = mp3
>
> [mp3s]
> comment = Mp3 files
> path = /export/mp3s
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> browseable = No
> [profiles]
> path = /home/samba/samba-ntprof
> read onfiltered= No
> create mask = 0600
> directory mask = 0700
> browseable = No
> invalid users = mp3
> [backup]
> comment = backup files
> path = /export/backup
> read onfiltered= No
> create mask = 0600
> directory mask = 0700
> valid users = john
> invalid users = mp3
>
> ------------------------------------------------------
>
> net groupmap list shows
>
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Guests (S-1-5-21-2890933770-3660815257-1026551046-514) -> -1
> Domain Admins (S-1-5-21-2890933770-3660815257-1026551046-512) -> domainadmins
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-2890933770-3660815257-1026551046-513) -> users
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
>
>
> /etc/group contains
>
> domainadmins:x:112:john
> users:x:100:jeremy,todd,matt
>
> ---------------------------------------------
>
> Issue is: All besides john, who's a member of "Domain Admins" can login
> just fine. However, the roaming profile seem not to be writeable to it, since
> any changes, say a bookmark on Firefox would not be saved during next login.
>
> Also, if one were to hit Start button, there'd be no "history" of previously
> run programs that displays generally.
>
> My Start->Run history also is not there
>
>
>
> Please advice on what I'm doing wrong/missing.
>
>
> Appreciate the assistance in advance
----
try adding....
[profiles]
> path = /home/samba/samba-ntprof
> read onfiltered= No
> create mask = 0600
> directory mask = 0700
> browseable = No
> invalid users = mp3
profile acls = yes
csc policy = disable
also - check permissions on directory...
ls -ld /home/samba/samba-ntprof
s/b something like
rwxrwxr_x root users
chmod 775 /home/samba/samba-ntprof
chown root:users /home/samba/samba-ntprof
and I am assuming that all 'users' are added to the 'users' group
Craig
More information about the samba
mailing list