[Samba] Roaming profiles cannot be used fully unless a member
of "Domain Admins"
Craig White
craigwhite at azapple.com
Sat Apr 8 16:46:23 GMT 2006
what is output of
ls -l /home/samba/samba-ntprof
I'm wondering of the profiles have been created with permissions that
aren't usable without adjustment.
Craig
On Sat, 2006-04-08 at 09:36 -0700, sh test wrote:
> Craig,
>
> Yup. sid shows as S-1-5-21-2890933770-3660815257-1026551046
>
> and Start => System => Advanced => User Profiles
>
> shows the users as Roaming
>
>
>
>
> Craig White <craigwhite at azapple.com> wrote:
> Are their machines joined to the domain?
>
> What is output of 'net getlocalsid' ?
>
> is it S-1-5-21-2890933770-3660815257-1026551046 ?
>
> if you check on the Windows system where roaming profiles
> aren't
> working...
>
> Start => System => Advanced => User Profiles => do they show
> as roaming?
>
> Craig
>
> On Sat, 2006-04-08 at 08:08 -0700, sh test wrote:
> > Craig!
> >
> > Thanks for the reply.
> >
> > I addedd
> >
> > profile acls = yes
> > csc policy = disable
> >
> > also, my
> >
> > drwxrwxrwt 4 root users 4096 Apr 7
> 21:48 /home/samba/samba-ntprof/
> >
> > and all the users are in the users's group
> >
> > users:x:100:jeremy,todd,matt
> >
> > Restarted samba after the above change and still no-go
> >
> >
> >
> > Craig White wrote:
> > On Fri, 2006-04-07 at 20:36 -0700, sh test wrote:
> > > Hello!
> > >
> > > This is my setup
> > >
> > > Using 3.0.14a-3sarge on Deb.
> > >
> > > This is my smb.conf file
> > > ----------------------------------------
> > > # Global parameters
> > > [global]
> > > workgroup = MYWORKGROUP
> > > server string = Samba Server
> > > obey pam restrictions = Yes
> > > passwd program = /usr/bin/passwd %u
> > > passwd chat = *New*password* %n\n *Retype*new*password* %n
> \n
> > *passwd:*all*authentication*tokens*updated*successfully*
> > > #turn this on for loggin purposes
> > > #log level = 4
> > > log file = /var/log/samba/%m.log
> > > max log size = 0
> > > time server = Yes
> > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > > add user script = /usr/sbin/useradd -m %u
> > > delete user script = /usr/sbin/userdel -r %u
> > > add group script = /usr/sbin/groupadd %g
> > > delete group script = /usr/sbin/groupdel %g
> > > add user to group script = /usr/sbin/usermod -G %g %u
> > > add machine script = /usr/sbin/useradd -s /bin/false \
> > > -d /dev/null %u
> > > logon path = \\%L\profiles\%u
> > > logon drive = H:
> > > domain logons = Yes
> > > os level = 65
> > > preferred master = Yes
> > > domain master = Yes
> > > dns proxy = No
> > > wins support = Yes
> > > hosts allow = 192.168.
> > > ;--000000000000000000000000000000000000000
> > > ;--keep this options disabled
> > > ;--since they generate a lot of disk space
> > > ;--000000000000000000000000000000000000000
> > > ;recyclebin options
> > > #recycle:exclude = *.tmp *.temp *.o *.obj ~$*
> > > #recycle:keeptree = True
> > > #recycle:touch = True
> > > #recycle:versions = True
> > > #recycle:noversions = .doc|.xls|.ppt
> > > #recycle:repository = %u's_network_Recycle_Bin
> > > #recycle:maxsize = 10000000
> > > create mask = 0777
> > > directory mask = 0777
> > > #vfs objects = recycle
> > > [homes]
> > > comment = Home Directories
> > > read onfiltered= No
> > > create mask = 0664
> > > directory mask = 0775
> > > invalid users = mp3
> > > [Shared]
> > > comment = Miscellaneous Shared Files
> > > read onfiltered= No
> > > create mask = 0664
> > > directory mask = 0775
> > > path = /home/samba/Shared
> > > invalid users = mp3
> > >
> > > [tmp]
> > > comment = Temporary Share
> > > path = /tmp
> > > read onfiltered= No
> > > invalid users = mp3
> > >
> > > [mp3s]
> > > comment = Mp3 files
> > > path = /export/mp3s
> > >
> > > [netlogon]
> > > comment = Network Logon Service
> > > path = /home/samba/netlogon
> > > browseable = No
> > > [profiles]
> > > path = /home/samba/samba-ntprof
> > > read onfiltered= No
> > > create mask = 0600
> > > directory mask = 0700
> > > browseable = No
> > > invalid users = mp3
> > > [backup]
> > > comment = backup files
> > > path = /export/backup
> > > read onfiltered= No
> > > create mask = 0600
> > > directory mask = 0700
> > > valid users = john
> > > invalid users = mp3
> > >
> > > ------------------------------------------------------
> > >
> > > net groupmap list shows
> > >
> > > System Operators (S-1-5-32-549) -> -1
> > > Replicators (S-1-5-32-552) -> -1
> > > Guests (S-1-5-32-546) -> -1
> > > Domain Guests
> > (S-1-5-21-2890933770-3660815257-1026551046-514) -> -1
> > > Domain Admins
> > (S-1-5-21-2890933770-3660815257-1026551046-512) ->
> > domainadmins
> > > Power Users (S-1-5-32-547) -> -1
> > > Print Operators (S-1-5-32-550) -> -1
> > > Administrators (S-1-5-32-544) -> -1
> > > Account Operators (S-1-5-32-548) -> -1
> > > Domain Users
> (S-1-5-21-2890933770-3660815257-1026551046-513)
> > -> users
> > > Backup Operators (S-1-5-32-551) -> -1
> > > Users (S-1-5-32-545) -> -1
> > >
> > >
> > > /etc/group contains
> > >
> > > domainadmins:x:112:john
> > > users:x:100:jeremy,todd,matt
> > >
> > > ---------------------------------------------
> > >
> > > Issue is: All besides john, who's a member of "Domain
> > Admins" can login
> > > just fine. However, the roaming profile seem not to be
> > writeable to it, since
> > > any changes, say a bookmark on Firefox would not be saved
> > during next login.
> > >
> > > Also, if one were to hit Start button, there'd be no
> > "history" of previously
> > > run programs that displays generally.
> > >
> > > My Start->Run history also is not there
> > >
> > >
> > >
> > > Please advice on what I'm doing wrong/missing.
> > >
> > >
> > > Appreciate the assistance in advance
> > ----
> > try adding....
> >
> > [profiles]
> > > path = /home/samba/samba-ntprof
> > > read onfiltered= No
> > > create mask = 0600
> > > directory mask = 0700
> > > browseable = No
> > > invalid users = mp3
> > profile acls = yes
> > csc policy = disable
> >
> > also - check permissions on directory...
> >
> > ls -ld /home/samba/samba-ntprof
> >
> > s/b something like
> >
> > rwxrwxr_x root users
> >
> > chmod 775 /home/samba/samba-ntprof
> > chown root:users /home/samba/samba-ntprof
> >
> > and I am assuming that all 'users' are added to the 'users'
> > group
> >
> > Craig
> >
>
>
>
>
>
>
> ______________________________________________________________________
> Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great
> rates starting at 1¢/min.
More information about the samba
mailing list