[Samba] Moving homes from PDC server to large fileserver

David neruocomp at yahoo.com
Fri Jul 14 17:43:44 GMT 2006

Background: 10 windows clients which also boot linux
and solaris.  A samba PDC+LDAP(ver 3.0.22) working on
a server local to the clients(ie on same subnet). 
Recently recieved large Sun fileserver to house all
homes and lab data.  It is hosted in the server room
used by our university(so different subnet).  All user
and nis info is in our ldap server, so autofs is used
on all of our linux and solaris boxes.

Right now all homes are automounted to the Samba PDC
server, so those posix locking errors show up.  I read
about the nis homedir and homedir map options and
installed samba on the fileserver as a domain member. 
I can link directly to it using map network drive in
windows.  But when I log into the windows clients, the
PDC still serves the homes from itself(having them
automounted).  My understanding was that these options
would tell the client to do a smb connect to the
filesever for the home directories.  

Here is the smb.conf of the PDC:
	workgroup = CBI
	netbios name = PDC
	map to guest = Bad User
	encrypt passwords = yes
	passdb backend = ldapsam:ldap://xxx.xxx.xxx.xxx
	log level = 2
	syslog = 0
	time server = Yes
	deadtime = 10
	socket options = TCP_NODELAY SO_RCVBUF=8192
	add user script = /usr/sbin/smbldap-useradd -m '%u'
	delete user script = /usr/sbin/smbldap-userdel %u
	add group script = /usr/sbin/smbldap-groupadd -p '%g'
	delete group script = /usr/sbin/smbldap-group-del
	add user to group script = /usr/sbin/smbldap-groupmod
-m '%u' '%g'
	delete user from group script =
/usr/sbin/smbldap-groupmod -x '%u' '%g'
	set primary group script = /usr/sbin/smbldap-usermod
-g '%g' '%u'
	add machine script = /usr/sbin/smbldap-useradd -w
	logon path = \\%L\profiles
	logon drive = X:
	logon home = \\%L\%U
	domain logons = Yes
	os level = 64
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	ldap admin dn = cn=samba,ou=DSA,dc=xxx,dc=xxx,dc=xxx
	ldap group suffix = ou=group
	ldap idmap suffix = ou=Idmap
	ldap machine suffix = ou=machines
	ldap passwd sync = Yes
	ldap suffix = dc=xxx,dc=xxx,dc=xxx
	ldap ssl = start tls
	ldap user suffix = ou=people
##	printer admin = '@Print, Operators'
	printing = cups
	create mask = 0640
	directory mask = 0750
	case sensitive = No
	dont descend =
	nis homedir = yes
	homedir map = auto.home

	comment = Home Directories
	path = %p
	valid users = %S
	read only = No
	directory mask = 0700
	locking = No

	comment = Network Logon Service
	path = /etc/samba/netlogon
	guest ok = Yes

	path = /home/%u/.profile
	valid users = %U, '@Domain, Admins'
	force user = %U
	read only = No
	create mask = 0600
	directory mask = 0700
	profile acls = Yes
	browseable = No
	csc policy = disable

And here is the smb.conf of the fileserver:
	interfaces = ce0
	bind interfaces only = yes
        encrypt passwords = yes
        workgroup = CBI
        security = domain
        name resolve order = wins bcast host
        deadtime = 5
        ldap machine suffix = ou=machines
        ldap admin dn =
        preferred master = no
        ldap idmap suffix = ou=Idmap
        allow trusted domains = yes
        netbios name = cajal
        lanman auth = YES
        ldap group suffix = ou=group
        wins support = no
        ldap user suffix = ou=people
        ldap suffix = dc=xxx,dc=xxx,dc=xxx
        ldap passwd sync = Yes
        ldap ssl = start tls
        wins server = xxx.xxx.xxx.xxx
        max smbd processes = 0
        server string = cajal
        winbind trusted domains only = Yes
        os level = 8
        passdb backend =
        socket options = TCP_NODELAY SO_RCVBUF=8192
#       auth methods = guest winbind
        local master = no
        domain master = no
        use spnego = yes
#       printer admin = @admin, @staff, unknown
        ntlm auth = YES
	syslog = 0
        log level = 0

        read only = No
        valid users = %S
        comment = Home Directories
	path = /tray1/home/%u

Any ideas?

Physics is like sex: sure, it may give some practical results, but that's not why we do it. ~ Richard Feynman

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the samba mailing list