[Samba] Roaming profiles cannot be used fully unless a member of "Domain Admins"

sh test shmailtest at yahoo.com
Sat Apr 8 16:36:43 GMT 2006


Craig,

Yup. sid shows as S-1-5-21-2890933770-3660815257-1026551046

and Start => System => Advanced => User Profiles

shows the users as Roaming




Craig White <craigwhite at azapple.com> wrote: Are their machines joined to the domain?

What is output of 'net getlocalsid' ?

is it S-1-5-21-2890933770-3660815257-1026551046  ?

if you check on the Windows system where roaming profiles aren't
working...

Start => System => Advanced => User Profiles => do they show as roaming?

Craig

On Sat, 2006-04-08 at 08:08 -0700, sh test wrote:
> Craig!
> 
> Thanks for the reply.
> 
> I addedd 
> 
> profile acls = yes
> csc policy = disable
> 
> also, my 
> 
> drwxrwxrwt  4 root users 4096 Apr  7 21:48 /home/samba/samba-ntprof/
> 
> and all the users are in the users's group
> 
> users:x:100:jeremy,todd,matt
> 
> Restarted samba after the above change and still no-go
> 
> 
> 
> Craig White  wrote:
>         On Fri, 2006-04-07 at 20:36 -0700, sh test wrote:
>         > Hello!
>         > 
>         > This is my setup
>         > 
>         > Using 3.0.14a-3sarge on Deb.
>         > 
>         > This is my smb.conf file
>         > ----------------------------------------
>         > # Global parameters
>         > [global]
>         > workgroup = MYWORKGROUP
>         > server string = Samba Server
>         > obey pam restrictions = Yes
>         > passwd program = /usr/bin/passwd %u
>         > passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>         *passwd:*all*authentication*tokens*updated*successfully*
>         > #turn this on for loggin purposes
>         > #log level = 4
>         > log file = /var/log/samba/%m.log
>         > max log size = 0
>         > time server = Yes
>         > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         > add user script = /usr/sbin/useradd -m %u
>         > delete user script = /usr/sbin/userdel -r %u
>         > add group script = /usr/sbin/groupadd %g
>         > delete group script = /usr/sbin/groupdel %g
>         > add user to group script = /usr/sbin/usermod -G %g %u
>         > add machine script = /usr/sbin/useradd -s /bin/false \
>         > -d /dev/null %u
>         > logon path = \\%L\profiles\%u
>         > logon drive = H:
>         > domain logons = Yes
>         > os level = 65
>         > preferred master = Yes
>         > domain master = Yes
>         > dns proxy = No
>         > wins support = Yes
>         > hosts allow = 192.168.
>         > ;--000000000000000000000000000000000000000
>         > ;--keep this options disabled
>         > ;--since they generate a lot of disk space
>         > ;--000000000000000000000000000000000000000
>         > ;recyclebin options
>         > #recycle:exclude = *.tmp *.temp *.o *.obj ~$*
>         > #recycle:keeptree = True
>         > #recycle:touch = True
>         > #recycle:versions = True
>         > #recycle:noversions = .doc|.xls|.ppt
>         > #recycle:repository = %u's_network_Recycle_Bin
>         > #recycle:maxsize = 10000000
>         > create mask = 0777
>         > directory mask = 0777
>         > #vfs objects = recycle
>         > [homes]
>         > comment = Home Directories
>         > read onfiltered= No
>         > create mask = 0664
>         > directory mask = 0775
>         > invalid users = mp3
>         > [Shared]
>         > comment = Miscellaneous Shared Files
>         > read onfiltered= No
>         > create mask = 0664
>         > directory mask = 0775
>         > path = /home/samba/Shared
>         > invalid users = mp3
>         > 
>         > [tmp]
>         > comment = Temporary Share
>         > path = /tmp
>         > read onfiltered= No
>         > invalid users = mp3
>         > 
>         > [mp3s]
>         > comment = Mp3 files
>         > path = /export/mp3s
>         > 
>         > [netlogon]
>         > comment = Network Logon Service
>         > path = /home/samba/netlogon
>         > browseable = No
>         > [profiles]
>         > path = /home/samba/samba-ntprof
>         > read onfiltered= No
>         > create mask = 0600
>         > directory mask = 0700
>         > browseable = No
>         > invalid users = mp3
>         > [backup]
>         > comment = backup files
>         > path = /export/backup
>         > read onfiltered= No
>         > create mask = 0600
>         > directory mask = 0700
>         > valid users = john
>         > invalid users = mp3
>         > 
>         > ------------------------------------------------------
>         > 
>         > net groupmap list shows
>         > 
>         > System Operators (S-1-5-32-549) -> -1
>         > Replicators (S-1-5-32-552) -> -1
>         > Guests (S-1-5-32-546) -> -1
>         > Domain Guests
>         (S-1-5-21-2890933770-3660815257-1026551046-514) -> -1
>         > Domain Admins
>         (S-1-5-21-2890933770-3660815257-1026551046-512) ->
>         domainadmins
>         > Power Users (S-1-5-32-547) -> -1
>         > Print Operators (S-1-5-32-550) -> -1
>         > Administrators (S-1-5-32-544) -> -1
>         > Account Operators (S-1-5-32-548) -> -1
>         > Domain Users (S-1-5-21-2890933770-3660815257-1026551046-513)
>         -> users
>         > Backup Operators (S-1-5-32-551) -> -1
>         > Users (S-1-5-32-545) -> -1
>         > 
>         > 
>         > /etc/group contains
>         > 
>         > domainadmins:x:112:john
>         > users:x:100:jeremy,todd,matt
>         > 
>         > ---------------------------------------------
>         > 
>         > Issue is: All besides john, who's a member of "Domain
>         Admins" can login
>         > just fine. However, the roaming profile seem not to be
>         writeable to it, since
>         > any changes, say a bookmark on Firefox would not be saved
>         during next login.
>         > 
>         > Also, if one were to hit Start button, there'd be no
>         "history" of previously 
>         > run programs that displays generally.
>         > 
>         > My Start->Run history also is not there
>         > 
>         > 
>         > 
>         > Please advice on what I'm doing wrong/missing.
>         > 
>         > 
>         > Appreciate the assistance in advance
>         ----
>         try adding....
>         
>         [profiles]
>         > path = /home/samba/samba-ntprof
>         > read onfiltered= No
>         > create mask = 0600
>         > directory mask = 0700
>         > browseable = No
>         > invalid users = mp3
>         profile acls = yes
>         csc policy = disable
>         
>         also - check permissions on directory...
>         
>         ls -ld /home/samba/samba-ntprof
>         
>         s/b something like
>         
>         rwxrwxr_x root users
>         
>         chmod 775 /home/samba/samba-ntprof
>         chown root:users /home/samba/samba-ntprof
>         
>         and I am assuming that all 'users' are added to the 'users'
>         group
>         
>         Craig
>         




		
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great rates starting at 1&cent;/min.


More information about the samba mailing list