[Samba] configuration needed to load roaming profiles off of a BDC?
Adam Williams
awilliam at mdah.state.ms.us
Tue Dec 4 14:30:43 GMT 2007
I have a PDC named GOMER with IP 10.8.3.37 and a BDC named BLDG1 with IP
10.8.3.231, both in the domain ADAMSTEST. A user, testuser, logged in
successfully to GOMER and has a roaming profile in
/var/lib/samba/profiles/testuser. I then changed the TCP/IP settings of
the Windows XP computer that testuser uses, switching its WINS server
from 10.8.3.37 to 10.8.3.231 so that it would use BLDG1 for
authentication and roaming profiles. When I logged in and out as
testuser, however, the profile was still loaded from and saved to GOMER.
Why is this? What Samba configuration changes do I need so that BLDG1
will load roaming profiles for users?
[root at gomer testuser]# testparm
Load smb config files from /etc/samba/smb.conf
WARNING: The "printer admin" option is deprecated
Processing section "[homes]"
Processing section "[accounts]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[print$]"
Processing section "[homes]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
unix charset = LOCALE
workgroup = ADAMSTEST
server string = Samba Server %v on gomer
interfaces = 10.8.3.37/24, 127.0.0.1/8
bind interfaces only = Yes
update encrypted = Yes
passdb backend = ldapsam:ldap://gomer.mdah.state.ms.us
username map = /etc/samba/smbusers
log level = 3
syslog = 0
log file = /var/log/samba/%m
max log size = 50
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -a -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-groupmod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = X:
logon home = \\gomer\%U
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap passwd sync = Yes
ldap suffix = dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
ldap user suffix = ou=People
idmap backend = ldap:ldap://gomer.mdah.state.ms.us
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
printer admin = root, awilliam
hosts allow = 10.8.
map acl inherit = Yes
printing = cups
print command =
lpq command = %p
lprm command =
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0600
force create mode = 0600
directory mask = 0700
force directory mode = 0700
browseable = No
[accounts]
comment = Accounting Files
path = /data/accounts
read only = No
[netlogon]
comment = network logon service
path = /var/lib/samba/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root, awilliam
[root at bldg1 profiles]# testparm
Load smb config files from /etc/samba/smb.conf
WARNING: The "printer admin" option is deprecated
Processing section "[homes]"
Processing section "[accounts]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC
Press enter to see a dump of your service definitions
[global]
unix charset = LOCALE
workgroup = ADAMSTEST
server string = Samba Server %v on bldg1
interfaces = eth0, lo
bind interfaces only = Yes
update encrypted = Yes
passdb backend = ldapsam:ldap://gomer.mdah.state.ms.us
username map = /etc/samba/smbusers
log level = 9
syslog = 0
log file = /var/log/samba/%m
max log size = 50
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
logon script = scripts\logon.bat
logon path = \\bldg1\profiles\%U
logon drive = X:
domain logons = Yes
preferred master = Yes
domain master = No
wins server = 10.8.3.37
ldap admin dn = cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap passwd sync = Yes
ldap suffix = dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
ldap user suffix = ou=People
idmap backend = ldap:ldap://gomer.mdah.state.ms.us
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /sbin/nologin
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
printer admin = root, adam
map acl inherit = Yes
printing = cups
print command =
lpq command = %p
lprm command =
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[accounts]
comment = Accounting Files
path = /data/accounts
read only = No
[netlogon]
comment = network logon service
path = /var/lib/samba/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root, awilliam
[root at gomer testuser]# net getlocalsid GOMER
SID for domain GOMER is: S-1-5-21-2209012884-4204503957-3043144422
[root at gomer testuser]# net getlocalsid ADAMSTEST
SID for domain ADAMSTEST is: S-1-5-21-2139886109-2393431639-217723040
[root at bldg1 profiles]# net getlocalsid BLDG1
SID for domain BLDG1 is: S-1-5-21-2511021845-112538546-4165081779
[root at gomer ~]# ldapsearch -D 'cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us' -b "uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxxxx -x
# extended LDIF
#
# LDAPv3
# base <uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# testuser, People, gomer.mdah.state.ms.us
dn: uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
uid: testuser
cn: test user
telephoneNumber: 5766888
roomNumber: IS
homePhone: 3738042
givenName: test
sn: user
mail: testuser at dc=mdah,dc=state,dc=ms,dc=us
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 101
homeDirectory: /home/testuser
gecos: test user,IS,5766888,3738042
sambaSID: S-1-5-21-2139886109-2393431639-217723040-2002
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdMustChange: 0
sambaAcctFlags: [U ]
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxx
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPwdLastSet: 1196178148
userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
shadowLastChange: 13844
shadowMax: 99999
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root at gomer testuser]# pwd && ls -ltr
/var/lib/samba/profiles/testuser
request done: ld 0x895a058 msgid 1
request done: ld 0x895a058 msgid 2
request done: ld 0x895a058 msgid 3
total 612
drwx--x--x+ 3 testuser testuser 4096 2007-11-07 03:50 Start Menu
drwx--x--x+ 2 testuser testuser 4096 2007-11-07 03:50 PrintHood
drwx--x--x+ 2 testuser testuser 4096 2007-11-07 03:50 NetHood
drwx------+ 2 testuser testuser 4096 2007-11-07 03:50 Desktop
drwx--x--x+ 2 testuser testuser 4096 2007-11-07 12:06 Templates
drwx--x--x+ 2 testuser testuser 4096 2007-11-07 12:42 Cookies
drwx--x--x+ 2 testuser testuser 4096 2007-11-09 10:38 SendTo
drwx--x--x+ 4 testuser testuser 4096 2007-11-09 10:38 Application Data
drwx--x--x+ 2 testuser testuser 4096 2007-11-09 10:38 Recent
drwx--x--x+ 4 testuser testuser 4096 2007-11-09 10:38 My Documents
drwx--x--x+ 3 testuser testuser 4096 2007-11-09 10:38 Favorites
-rwx------ 1 testuser testuser 1024 2007-12-04 08:18 ntuser.dat.LOG
-rwx------ 1 testuser testuser 524288 2007-12-04 08:18 NTUSER.DAT
-rw------- 1 testuser testuser 178 2007-12-04 08:20 ntuser.ini
[root at bldg1 profiles]# cd /var/lib/samba/profiles/testuser
-bash: cd: /var/lib/samba/profiles/testuser: No such file or directory