[Samba] Roaming profiles cannot be used fully unless a member of "Domain Admins"

sh test shmailtest at yahoo.com
Sat Apr 8 15:08:34 GMT 2006 

Craig!

Thanks for the reply.

I addedd 

      profile acls = yes
      csc policy = disable

also, my 

drwxrwxrwt  4 root users 4096 Apr  7 21:48 /home/samba/samba-ntprof/

and all the users are in the users's group

users:x:100:jeremy,todd,matt

Restarted samba after the above change and still no-go



Craig White <craigwhite at azapple.com> wrote: On Fri, 2006-04-07 at 20:36 -0700, sh test wrote:
>   Hello!
> 
> This is my setup
> 
> Using 3.0.14a-3sarge on Deb.
> 
> This is my smb.conf file
> ----------------------------------------
> # Global parameters
> [global]
>         workgroup = MYWORKGROUP
>         server string = Samba Server
>         obey pam restrictions = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
>         #turn this on for loggin purposes
>         #log level = 4
>         log file = /var/log/samba/%m.log
>         max log size = 0
>         time server =  Yes
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         add user script = /usr/sbin/useradd -m %u
>         delete user script = /usr/sbin/userdel -r %u
>         add group script = /usr/sbin/groupadd %g
>         delete group script = /usr/sbin/groupdel %g
>         add user to group script = /usr/sbin/usermod -G %g %u
>         add machine script = /usr/sbin/useradd -s /bin/false \
> -d /dev/null %u
>         logon path = \\%L\profiles\%u
>         logon drive = H:
>         domain logons = Yes
>         os level =  65
>         preferred master = Yes
>         domain master = Yes
>         dns proxy = No
>         wins support = Yes
>         hosts allow = 192.168.
>         ;--000000000000000000000000000000000000000
>         ;--keep this options disabled
>         ;--since they generate a lot of disk space
>         ;--000000000000000000000000000000000000000
>         ;recyclebin options
>         #recycle:exclude = *.tmp *.temp *.o *.obj ~$*
>         #recycle:keeptree = True
>         #recycle:touch =  True
>         #recycle:versions = True
>         #recycle:noversions = .doc|.xls|.ppt
>         #recycle:repository = %u's_network_Recycle_Bin
>         #recycle:maxsize = 10000000
>         create mask = 0777
>         directory mask = 0777
>         #vfs objects = recycle
> [homes]
>         comment = Home Directories
>         read onfiltered= No
>         create mask = 0664
>         directory mask = 0775
>         invalid users = mp3
> [Shared]
>         comment = Miscellaneous Shared  Files
>         read onfiltered= No
>         create mask = 0664
>         directory mask = 0775
>         path = /home/samba/Shared
>         invalid users = mp3
> 
> [tmp]
>         comment = Temporary Share
>         path = /tmp
>         read onfiltered= No
>         invalid users = mp3
> 
> [mp3s]
>         comment = Mp3 files
>         path = /export/mp3s
> 
> [netlogon]
>         comment = Network Logon Service
>         path = /home/samba/netlogon
>         browseable =  No
> [profiles]
>         path = /home/samba/samba-ntprof
>         read onfiltered= No
>         create mask = 0600
>         directory mask = 0700
>         browseable = No
>         invalid users = mp3
> [backup]
>         comment = backup files
>         path = /export/backup
>         read onfiltered= No
>         create mask = 0600
>         directory mask = 0700
>         valid users = john
>         invalid users = mp3
> 
> ------------------------------------------------------
> 
> net groupmap list  shows
> 
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Guests (S-1-5-21-2890933770-3660815257-1026551046-514) -> -1
> Domain Admins (S-1-5-21-2890933770-3660815257-1026551046-512) -> domainadmins
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-2890933770-3660815257-1026551046-513) -> users
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> 
> 
> /etc/group contains
> 
> domainadmins:x:112:john
> users:x:100:jeremy,todd,matt
> 
> ---------------------------------------------
> 
> Issue is: All besides john, who's a member of "Domain Admins" can login
> just fine.  However, the roaming profile seem not to be writeable to it, since
> any changes, say a bookmark on Firefox would not be saved during  next login.
> 
> Also, if one were to hit Start button, there'd be no "history" of previously 
> run programs that displays generally.
> 
> My Start->Run history also is not there
> 
> 
> 
> Please advice on what I'm doing wrong/missing.
> 
> 
> Appreciate the assistance in advance
----
try adding....

[profiles]
>         path = /home/samba/samba-ntprof
>         read onfiltered= No
>         create mask = 0600
>         directory mask = 0700
>         browseable = No
>         invalid users = mp3
      profile acls = yes
      csc policy = disable

also - check permissions on directory...

ls -ld /home/samba/samba-ntprof

s/b something like

rwxrwxr_x  root users

chmod 775 /home/samba/samba-ntprof
chown root:users /home/samba/samba-ntprof

and I am assuming that all 'users' are added to the 'users' group

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


		
---------------------------------
How low will we go? Check out Yahoo! Messenger’s low  PC-to-Phone call rates.

More information about the samba mailing list