[Samba] Profile permissions issue? Samba and FDS problem

Craig White craigwhite at azapple.com
Thu Oct 19 01:26:01 GMT 2006


You probably should verify...

getent group (does it enumerate groups)

net groupmap list (do your groups work and do they map to your SIDs?)

a sample group

Craig

On Wed, 2006-10-18 at 13:30 -0500, Robert Beaty wrote:
> First some information on the system set up.
> OS: CentOS 4.3
> Samba 3.0.10
> FDS 7.1
> 
> Samba is acting as a PDC for our network. We have both Windows 2000 and
> Windows XP client machines. They are all joined to our domain. Everything
> "seems" to be fine except that when a user logs into a machine they cannot
> make even simple changes to settings such as folder options (i.e. view file
> extensions). Our previous set up was using Samba 2 and OpenLDAP. Users whose
> profiles and LDAP entries were created under that system do not have this
> problem (these older users were converted and imported into FDS). Only the
> users which have been added since the switch have this problem. The uids
> are following the same path as previously and profiles are being copied from
> a default Windows profile directory. The users are members of the "Domain
> Users" group which has SID 513 and maps to the unix group 2513 also "Domain
> Users". The Domain Users group is under the users group on the Windows
> clients. Profile folder permissions are set to username:"Domain Users" and
> they have wrx privileges. Of course if the user is set to a local
> administrator on the machine none of these problems arise. I have even tried
> explicitly adding a single user to the users group in Windows and still the
> problem occurs. I've looked in gpedit.msc and have been unable to locate
> anything to point to the problem there. Below is a copy of smb.conf with
> certain information left out for security and such as well as a sample user
> entry from FDS and a snippet of a Windows login log from a Windows 2000
> client. I know it's a bit long but I wanted to try and get all possible
> information in the email. Let me know if I left anything out.
> 
> -Robert
> 
> <--------- Start smb.conf ------------>
> 
> [global]
>    workgroup = IPOV
>    security = user
> passdb backend = ldapsam:ldap://example.ldap.server
> ldap admin dn = cn=admin users
> ldap suffix = dc=company,dc=com
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap group suffix = ou=Groups
> 
> log file = /var/log/%m.log
> log level = 1
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> 
> os level = 65
> domain logons = yes
> domain master = yes
> local master = yes
> preferred master = yes
> 
> wins support = yes
> 
> logon home = \\%N\homes\%U
> logon path = \\%N\profiles\%U
> logon drive = H:
> 
>    template shell = /bin/false
>    winbind use default domain = no
> 
>    idmap uid = 16777216-33554431
>    idmap gid = 16777216-33554431
> 
> [netlogon]
> path = /mnt/data/netlogon
> read only = yes
> browsable = no
> 
> [profiles]
> path = /mnt/data/profiles
> read only = no
> create mask = 0777
> directory mask = 0777
> writeable = yes
> browsable = no
> guest ok = no
> 
> [homes]
> browsable = no
> writable = yes
> create mask = 0764
> directory mask = 0775
> 
> <---------- End smb.conf ---------->
> 
> <---------- Start example ldap entry ------------->
> dn: uid=test.user,ou=Users,dc=company ,dc=com
> modifytimestamp: 20060922201729Z
> modifiersname: admin dn
> gidNumber: 2513
> sambaPrimaryGroupSID: S- sid_here-513
> passwordgraceusertime: 0
> sambaNTPassword: removed
> sambaLMPassword: removed
> userPassword: removed
> uid: test.user
> uidNumber: 1400
> homeDirectory: /home/test.user
> loginShell: /bin/bash
> objectClass: inetOrgPerson
> objectClass: sambaSAMAccount
> objectClass: posixAccount
> objectClass: organizationalPerson
> objectClass: top
> objectClass: person
> cn: Test User
> sn: User
> gecos: Test User
> description: Test User
> displayName: Test User
> mail: test.user at ipov.net
> sambaSID: S- sid_here-3814
> sambaHomeDrive: H:
> sambaHomePath: \\ server_name\homes
> sambaProfilePath: \\server_name\profiles\test.user
> sambaLogonScript: STARTUP.BAT
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdMustChange: 2147483647
> sambaPwdCanChange: 1142535948
> sambaPasswordHistory:
> 0000000000000000000000000000000000000000000000000000000000000000
> sambaPwdLastSet: 1142535948
> sambaAcctFlags: [U          ]
> creatorsname: cn=admin dn
> createtimestamp: 20060914135759Z
> nsuniqueid: removed
> parentid: 24
> entryid: 299
> entrydn: uid=test.user,ou=users,dc=company,dc=com
> numsubordinates: 0
> subschemasubentry: cn=schema
> hassubordinates: FALSE
> <---------- End example ldap entry ------------>
> 
> <----------- Start Windows login log ---------------->
> USERENV(bc.a4) 11:09:27:921 CopyProfileDirectoryEx: Setting Directory
> TimeStamps all Directories
> USERENV(bc.a4) 11:09:27:953 CopyProfileDirectoryEx: Set times on all
> directories
> USERENV(bc.a4) 11:09:27:953 CopyProfileDirectoryEx: Leaving with a return
> value of 1
> USERENV(bc.a4) 11:09:28:000 MyRegLoadKey: Mutex released.  Returning 0.
> USERENV(bc.a4) 11:09:28:015 MyRegLoadKey: Mutex released.  Returning 0.
> USERENV(bc.a4) 11:09:28:015 CreateClassHive: existing user classes hive
> found
> USERENV(bc.a4) 11:09:28:015 RestoreUserProfile:  About to Leave.  Final
> Information follows:
> USERENV(bc.a4) 11:09:28:015 Profile was successfully loaded.
> USERENV(bc.a4) 11:09:28:015 lpProfile->lpRoamingProfile = <\\server_name
> \profiles\test.user>
> USERENV(bc.a4) 11:09:28:015 lpProfile->lpLocalProfile = <C:\Documents and
> Settings\test.user>
> USERENV(bc.a4) 11:09:28:015 lpProfile->dwInternalFlags = 0x10
> USERENV(bc.a4) 11:09:28:015 RestoreUserProfile:  Leaving.
> USERENV(bc.a4) 11:09:28:015 GetUserGuid: Failed to get user guid with 1355.
> USERENV(bc.a4) 11:09:28:031 GetUserGuid: Failed to get user guid with 1355.
> USERENV(bc.a4) 11:09:28:031 UpgradeProfile: Entering
> USERENV(bc.a4) 11:09:28:031 UpgradeProfile: Build numbers match
> USERENV(bc.a4) 11:09:28:031 UpgradeProfile: Leaving Successfully
> USERENV(bc.a4) 11:09:28:031 LoadUserProfile: Releasing mutex.
> USERENV(bc.a4) 11:09:28:031 LoadUserProfile: Leaving with a value of 1.
> USERENV(bc.a4) 11:09:28:031 LoadUserProfile: hProfile = <0x300>
> <----------- End Windows login log ---------------->
> <http://www.ipov.net>
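
The two checks suggested in the reply can be cross-referenced mechanically. The following is an added example, not part of the original thread: it parses saved `net groupmap list` and `getent group` output and reports whether each mapped Unix group resolves, including the RID 513 to gid 2513 mapping described in the original message. The function names, the domain SID and the sample data are constructed for illustration.

```shell
# Added example: function names and sample data are illustrative assumptions.

# Constructed sample of `net groupmap list` output (placeholder domain SID).
sample_groupmap() {
cat <<'EOF'
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> Domain Admins
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> Domain Users
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nobody
EOF
}

# Constructed sample of `getent group` output; "nobody" is deliberately absent.
sample_getent() {
cat <<'EOF'
root:x:0:
Domain Admins:x:2512:administrator
Domain Users:x:2513:
EOF
}

# check_groupmap GROUPMAP_FILE GETENT_FILE
# Prints one line per mapping; returns 1 if any Unix group fails to resolve.
check_groupmap() {
    awk -v getent="$2" '
    BEGIN { while ((getline l < getent) > 0) { split(l, f, ":"); gid[f[1]] = f[3] } }
    match($0, / \(S-[0-9-]+\) -> /) {
        nt  = substr($0, 1, RSTART - 1)             # NT group name
        sid = substr($0, RSTART + 2, RLENGTH - 7)   # text between the parentheses
        ug  = substr($0, RSTART + RLENGTH)          # mapped Unix group name
        n = split(sid, part, "-"); rid = part[n]    # RID is the last SID component
        if (ug in gid)
            printf "OK %s %s -> %s gid=%s\n", rid, nt, ug, gid[ug]
        else { printf "UNRESOLVED %s %s -> %s\n", rid, nt, ug; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }' "$1"
}

# gid_for_rid RID GROUPMAP_FILE GETENT_FILE: gid the RID maps to, if resolved.
gid_for_rid() {
    check_groupmap "$2" "$3" |
        awk -v r="$1" '$1 == "OK" && $2 == r { sub(/.*gid=/, ""); print }'
}

# Demo on the samples; on a live host save the real command output instead.
tmp=$(mktemp -d)
sample_groupmap > "$tmp/groupmap"; sample_getent > "$tmp/getent"
check_groupmap "$tmp/groupmap" "$tmp/getent" || echo "unresolved mappings found"
echo "RID 513 -> gid $(gid_for_rid 513 "$tmp/groupmap" "$tmp/getent")"
```

The gid reported for RID 513 should equal the `gidNumber` on accounts whose `sambaPrimaryGroupSID` ends in `-513`.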


