[Samba] Roaming profiles cannot be used fully unless a member
of "Domain Admins"
Craig White
craigwhite at azapple.com
Sat Apr 8 16:16:57 GMT 2006
Are their machines joined to the domain?
What is output of 'net getlocalsid' ?
is it S-1-5-21-2890933770-3660815257-1026551046 ?
if you check on the Windows system where roaming profiles aren't
working...
Start => System => Advanced => User Profiles => do they show as roaming?
Craig
On Sat, 2006-04-08 at 08:08 -0700, sh test wrote:
> Craig!
>
> Thanks for the reply.
>
> I addedd
>
> profile acls = yes
> csc policy = disable
>
> also, my
>
> drwxrwxrwt 4 root users 4096 Apr 7 21:48 /home/samba/samba-ntprof/
>
> and all the users are in the users's group
>
> users:x:100:jeremy,todd,matt
>
> Restarted samba after the above change and still no-go
>
>
>
> Craig White <craigwhite at azapple.com> wrote:
> On Fri, 2006-04-07 at 20:36 -0700, sh test wrote:
> > Hello!
> >
> > This is my setup
> >
> > Using 3.0.14a-3sarge on Deb.
> >
> > This is my smb.conf file
> > ----------------------------------------
> > # Global parameters
> > [global]
> > workgroup = MYWORKGROUP
> > server string = Samba Server
> > obey pam restrictions = Yes
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> > #turn this on for loggin purposes
> > #log level = 4
> > log file = /var/log/samba/%m.log
> > max log size = 0
> > time server = Yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > add user script = /usr/sbin/useradd -m %u
> > delete user script = /usr/sbin/userdel -r %u
> > add group script = /usr/sbin/groupadd %g
> > delete group script = /usr/sbin/groupdel %g
> > add user to group script = /usr/sbin/usermod -G %g %u
> > add machine script = /usr/sbin/useradd -s /bin/false \
> > -d /dev/null %u
> > logon path = \\%L\profiles\%u
> > logon drive = H:
> > domain logons = Yes
> > os level = 65
> > preferred master = Yes
> > domain master = Yes
> > dns proxy = No
> > wins support = Yes
> > hosts allow = 192.168.
> > ;--000000000000000000000000000000000000000
> > ;--keep this options disabled
> > ;--since they generate a lot of disk space
> > ;--000000000000000000000000000000000000000
> > ;recyclebin options
> > #recycle:exclude = *.tmp *.temp *.o *.obj ~$*
> > #recycle:keeptree = True
> > #recycle:touch = True
> > #recycle:versions = True
> > #recycle:noversions = .doc|.xls|.ppt
> > #recycle:repository = %u's_network_Recycle_Bin
> > #recycle:maxsize = 10000000
> > create mask = 0777
> > directory mask = 0777
> > #vfs objects = recycle
> > [homes]
> > comment = Home Directories
> > read onfiltered= No
> > create mask = 0664
> > directory mask = 0775
> > invalid users = mp3
> > [Shared]
> > comment = Miscellaneous Shared Files
> > read onfiltered= No
> > create mask = 0664
> > directory mask = 0775
> > path = /home/samba/Shared
> > invalid users = mp3
> >
> > [tmp]
> > comment = Temporary Share
> > path = /tmp
> > read onfiltered= No
> > invalid users = mp3
> >
> > [mp3s]
> > comment = Mp3 files
> > path = /export/mp3s
> >
> > [netlogon]
> > comment = Network Logon Service
> > path = /home/samba/netlogon
> > browseable = No
> > [profiles]
> > path = /home/samba/samba-ntprof
> > read onfiltered= No
> > create mask = 0600
> > directory mask = 0700
> > browseable = No
> > invalid users = mp3
> > [backup]
> > comment = backup files
> > path = /export/backup
> > read onfiltered= No
> > create mask = 0600
> > directory mask = 0700
> > valid users = john
> > invalid users = mp3
> >
> > ------------------------------------------------------
> >
> > net groupmap list shows
> >
> > System Operators (S-1-5-32-549) -> -1
> > Replicators (S-1-5-32-552) -> -1
> > Guests (S-1-5-32-546) -> -1
> > Domain Guests
> (S-1-5-21-2890933770-3660815257-1026551046-514) -> -1
> > Domain Admins
> (S-1-5-21-2890933770-3660815257-1026551046-512) ->
> domainadmins
> > Power Users (S-1-5-32-547) -> -1
> > Print Operators (S-1-5-32-550) -> -1
> > Administrators (S-1-5-32-544) -> -1
> > Account Operators (S-1-5-32-548) -> -1
> > Domain Users (S-1-5-21-2890933770-3660815257-1026551046-513)
> -> users
> > Backup Operators (S-1-5-32-551) -> -1
> > Users (S-1-5-32-545) -> -1
> >
> >
> > /etc/group contains
> >
> > domainadmins:x:112:john
> > users:x:100:jeremy,todd,matt
> >
> > ---------------------------------------------
> >
> > Issue is: All besides john, who's a member of "Domain
> Admins" can login
> > just fine. However, the roaming profile seem not to be
> writeable to it, since
> > any changes, say a bookmark on Firefox would not be saved
> during next login.
> >
> > Also, if one were to hit Start button, there'd be no
> "history" of previously
> > run programs that displays generally.
> >
> > My Start->Run history also is not there
> >
> >
> >
> > Please advice on what I'm doing wrong/missing.
> >
> >
> > Appreciate the assistance in advance
> ----
> try adding....
>
> [profiles]
> > path = /home/samba/samba-ntprof
> > read onfiltered= No
> > create mask = 0600
> > directory mask = 0700
> > browseable = No
> > invalid users = mp3
> profile acls = yes
> csc policy = disable
>
> also - check permissions on directory...
>
> ls -ld /home/samba/samba-ntprof
>
> s/b something like
>
> rwxrwxr_x root users
>
> chmod 775 /home/samba/samba-ntprof
> chown root:users /home/samba/samba-ntprof
>
> and I am assuming that all 'users' are added to the 'users'
> group
>
> Craig
>
More information about the samba
mailing list