[Samba] URGENT: Samba Won't Substitute %u In "Logon *" When LDAP Is Used
Brian White
bcwhite at precidia.com
Tue May 23 01:37:33 GMT 2006
> Version: 3.0.14a (debian stable: 3sarge1)
I just upgraded to 3.0.22 (debian "testing") and have the same problem.
I could really use some help on this one!!!
> I'm just about finished converting our company's network from NIS to
> LDAP. Part of that involved updating Samba to use that same directory
> so all the information is maintained in one place.
>
> Most everything is good, except that my roaming profiles won't work. My
> smb.conf file is attached.
>
> Upping the log level eventually showed messages like this:
>
> [2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(108)
> unix_convert called on file "%u"
> [2006/05/22 15:16:29, 10] smbd/statcache.c:stat_cache_lookup(210)
> stat_cache_lookup: lookup failed for name [%U]
> [2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(175)
> unix_convert begin: name = %u, dirpath = , start = %u
>
> I traced this to the "logon path" configuration item. Samba is choosing
> the value from the smb.conf file because I don't have these values set
> within the LDAP directory; I just want to use the default generated one.
>
> However, it seems that Samba is NOT substituting the "%u" in this case
> even though it was when LDAP was not in use. At least "logon path" and
> "logon home" are affected; maybe more.
>
> To verify, I manually changed every "%u" in the smb.conf file to
> "bcwhite" and then I can log on with my profile and home directory just
> fine. An okay solution for me, but the rest of my users might complain.
>
> Since my users are expecting to return tomorrow (after a long weekend)
> and use their WinXP machines, I'd appreciate it if someone can shed some
> light on this problem asap.
>
> Thanks much!!!
>
> ------------------------------------------------------------------------
>
> ;
> ; $Id: smb.conf,v 1.7 2006/05/22 19:09:28 bcwhite Exp $
> ;
>
> [global]
> printing = cups
> printcap = cups
> load printers = yes
> guest account = guest
> invalid users = root
> dont descend = /proc,/dev
> unix extensions = no
> bind interfaces only = no
> interfaces = eth1 eth2
> netbios aliases = titan share shell profiles
>
> ; don't risk problems with buggy dos programs (Visual C++) getting wrong timestamp
> dos filetime resolution = yes
>
> ; "security = user" is always a good idea. This will require a Unix account
> ; in this server for every user accessing the server.
> security = user
>
> ; Change this for the workgroup your Samba server will part of
> workgroup = precidia
>
> server string = %h Server (Samba %v)
>
> ; If you want Samba to log though syslog only then set the following
> ; parameter to 'yes'. Please note that logging through syslog in
> ; Samba is still experimental.
> syslog only = no
>
> ; We want Samba to log a minimum amount of information to syslog. Everything
> ; should go to /var/log/{smb,nmb} instead. If you want to log through
> ; syslog you should set the following parameter to something higher.
> syslog = 0;
>
> ; This socket options really speed up Samba under Linux, according to my
> ; own tests.
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
>
> ; Passwords are encrypted by default. This way the latest Windows 95 and NT
> ; clients can connect to the Samba server with no problems.
> encrypt passwords = yes
> passdb backend = ldapsam:ldap://localhost
>
> ; It's always a good idea to use a WINS server. If you want this server
> ; to be the WINS server for your network change the following parameter
> ; to "yes". Otherwise leave it as "no" and specify your WINS server
> ; below (note: only one Samba server can be the WINS server).
> ; Read BROWSING.txt for more details.
> wins support = yes
>
> ; If this server is not the WINS server then specify who is it and uncomment
> ; next line.
> ; wins server = 172.16.0.10
>
> ; Please read BROWSING.txt and set the next four parameters according
> ; to your network setup.
> os level = 99
> local master = yes
> preferred master = yes
>
> ; Domain stuff
> domain master = yes
> domain logons = yes
> ;; domain group map = /etc/samba/domain-group.map
> ;; domain user map = /etc/samba/domain-user.map
> ;; local group map = /etc/samba/local-group.map
> logon path = \\profiles\profiles\%u
> logon home = \\shell\%u
> logon drive = u:
> logon script = logon.bat
> ;; add user script = /etc/samba/addhost %u
>
> ; What naming service and in what order should we use to resolve host names
> ; to IP addresses
> name resolve order = host bcast
>
> ; This will enable nmbd to search for NetBIOS names through DNS.
> dns proxy = yes
>
> ; Name mangling options
> preserve case = yes
> short preserve case = yes
> mangled names = yes
> mangle prefix = 5
> mangling method = hash
>
> ; LDAP settings
> ldap admin dn = uid=samba,ou=Services,dc=precidia
> ldap suffix = dc=precidia
> ldap user suffix = ou=People
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Hosts
> ldap replication sleep = 1000
> ldap password sync = true
> ldapsam:trusted = true
>
> ; For Unix password sync. to work on a Debian GNU/Linux system, the following
> ; parameters must be set (thanks to Culus for pointing this out):
> check password script = /usr/local/sbin/pwcheck
> unix password sync = false
> ; passwd program = /usr/local/sbin/ldappasswd --unix %u
> ; passwd chat = * %n\n
>
> ; The following parameter is useful only if you have the linpopup package
> ; installed. The samba maintainer and the linpopup maintainer are
> ; working to ease installation and configuration of linpopup and samba.
> ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
>
> ; The default maximum log file size is 5 MBytes. That's too big so this
> ; next parameter sets it to 1 MByte. Currently, Samba rotates log
> ; files (/var/log/{smb,nmb} in Debian) when these files reach 1000 KBytes.
> ; A better solution would be to have Samba rotate the log file upon
> ; reception of a signal, but for now on, we have to live with this.
> max log size = 1000
> log level = 0
>
> [homes]
> comment = Home Directory
> browseable = no
> read only = no
> create mask = 0664
> directory mask = 0775
>
> [printers]
> comment = Printers
> printer admin = root, @winadmin
> path = /var/spool/samba
> browseable = no
> printable = yes
> public = yes
> writable = no
> create mode = 0700
>
> [print$]
> comment = Printer Drivers
> path = /etc/samba/drivers
> browseable = yes
> guest ok = no
> read only = yes
> write list = root
>
> [netlogon]
> comment = Logon Scripts
> path = /usr/local/win32/netlogon
> read only = yes
> public = no
> browseable = no
>
> [profiles]
> comment = User Profiles
> path = /var/data/profiles
> create mask = 0600
> directory mask = 0700
> read only = no
> public = yes
> browseable = no
> profile acls = yes
>
> ; A sample share for sharing your CD-ROM with others.
>
> ;[cdrom]
> ; comment = CD-ROM Drive
> ; writable = no
> ; locking = no
> ; path = /cdrom
> ; public = yes
> ; fake oplocks = yes
> ;
> ; The next two parameters show how to auto-mount a CD-ROM when the
> ; cdrom share is accessed. For this to work /etc/fstab must contain
> ; an entry like this:
> ;
> ; /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
> ;
> ; The CD-ROM gets unmounted automatically after the connection to the
> ;
> ; If you don't want to use auto-mounting/unmounting make sure the CD
> ; is mounted on /cdrom
> ;
> ; preexec = /bin/mount /cdrom
> ; postexec = /bin/umount /cdrom
>
> [titan]
> comment = Precidia Technologies, Inc.
> path = /home/tolkien/titan
> public = yes
> writable = no
> fake oplocks = yes
> locking = no
>
> [tmp]
> comment = Temporary Files
> path = /usr/local/tmp
> create mode = 0666
> public = yes
> writable = yes
>
>
Brian
( bcwhite at precidia.com )
-------------------------------------------------------------------------------
Until we are first independent, we cannot be interdependent.
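
As an added example (not part of the original post and not Samba code), a small Python check that scans smbd debug output like the excerpt quoted above for substitution variables that reached path resolution unexpanded. The function names `unexpanded_macros` and `affected`, and the set of watched smbd functions, are assumptions; the first three sample records are the ones from the post and the last one is constructed.

```python
import re

# Header of an smbd debug record: "[date time, level] file:function(line)"
HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)")
# An smb.conf substitution variable left literal in a name: '%' plus one letter
MACRO = re.compile(r"%[A-Za-z]\b")
# Path-resolution functions seen in the post's log excerpt (assumed watch list)
PATH_FUNCS = {"unix_convert", "stat_cache_lookup"}

def unexpanded_macros(log_text, funcs=PATH_FUNCS):
    """Return (timestamp, function, macro) for each record whose message
    still contains a literal %x variable."""
    findings, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:                      # start of a new debug record
            current = m.groupdict()
            continue
        if current is None or current["func"] not in funcs:
            continue               # message line of a record we do not watch
        for macro in sorted(set(MACRO.findall(line))):
            findings.append((current["ts"], current["func"], macro))
    return findings

def affected(log_text):
    """True when any watched record shows an unexpanded variable."""
    return bool(unexpanded_macros(log_text))

# First three records are from the post; the last one is constructed.
SAMPLE_LOG = '''\
[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "%u"
[2006/05/22 15:16:29, 10] smbd/statcache.c:stat_cache_lookup(210)
  stat_cache_lookup: lookup failed for name [%U]
[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(175)
  unix_convert begin: name = %u, dirpath = , start = %u
[2006/05/22 15:20:01, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "bcwhite"
'''

if __name__ == "__main__":
    for ts, func, macro in unexpanded_macros(SAMPLE_LOG):
        print(f"{ts} {func}: literal {macro} reached path resolution")
```
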