[Samba] PDC Multiple users

Scott Lovenberg scott.lovenberg at gmail.com
Tue Jan 29 01:17:48 GMT 2008


On Jan 28, 2008 1:39 PM, Harol Hunter <hhuntercu at gmail.com> wrote:

> As you can see, I'm still alive (I don't know for how long, but ... ;-)
> Well, let me tell you: all my users have a SID and a UID in their
> account entries in LDAP. I'll attach my full smb.conf, hoping you
> can help me. Thanks a lot, pal.
>
> [global]
>
> #########################################################################
> #                               NETBIOS OPTIONS                         #
> #########################################################################
>
> netbios name = intranet
>
> workgroup = icic
>
> server string = Servidor Intranet
>
> #disable netbios = yes
>
> #########################################################################
> #                               SERVER OPTIONS                          #
> #########################################################################
>
> interfaces = eth0 lo
>
> bind interfaces only = yes
>
> socket address = 10.0.0.1
>
> hosts allow = 10.0.0. 127.
>
> hosts deny = 0.0.0.0/0
>
> #########################################################################
> #                               DOMAIN OPTIONS                          #
> #########################################################################
>
> security = user
>
> preferred master = yes
>
> domain master = yes
>
> local master = yes
>
> os level = 64
>
> admin users = @"Domain Admins"
>
> enable privileges = yes
>
> allow trusted domains = no
>
> ########################################################################
> #                               PASSWORDS OPTIONS                      #
> ########################################################################
>
> passdb backend = ldapsam:ldap://127.0.0.1/
>
> encrypt passwords = true
>
> #passwd chat = Cambiando contrasena de \nNueva Contrasena %n\n Retype new password %n\n
>
> passwd program = /usr/sbin/smbldap-passwd -u '%u'
>
> obey pam restrictions = No
>
> ########################################################################
> #                               USERS & GROUPS SCRIPTS                 #
> ########################################################################
>
> #min passwd length = 6
>
> add user script = /usr/sbin/smbldap-useradd -a -m '%u'
>
> delete user script = /usr/sbin/smbldap-userdel '%u'
>
> add group script = /usr/sbin/smbldap-groupadd -p '%g'
>
> delete group script = /usr/sbin/smbldap-groupdel '%g'
>
> add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
>
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
>
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>
> add machine script = /usr/sbin/smbldap-useradd -w '%u'
>
> ########################################################################
> #                                LOGONS OPTIONS                        #
> ########################################################################
>
> domain logons = yes
>
> logon path = \\intranet\profiles\%u
>
> logon home = \\%L\%u\.profiles
>
> logon drive = H
>
> logon script = logon.cmd
>
> #######################################################################
> #                               LDAP OPTIONS                          #
> #######################################################################
>
> ldap suffix = dc=my,dc=domain,dc=com
>
> ldap admin dn = cn=admin,dc=my,dc=domain,dc=com
>
> ldap machine suffix = ou=Computers
>
> ldap user suffix = ou=Users
>
> ldap group suffix = ou=Groups
>
> ldap idmap suffix = ou=Idmap
>
> #ldap filter = ((uid=%u)&(objectclass=sambaSamAccount))
>
> #ldap ssl = start_tls
>
> ldap passwd sync = Yes
>
> ldap delete dn = yes
>
> #ldapsam:trusted = no
>
> #######################################################################
> #                               WINBIND OPTIONS                       #
> #######################################################################
>
> idmap backend = ldap://127.0.0.1/
>
> #idmap uid = 10000-20000
>
> #idmap gid = 10000-20000
>
> #winbind separator = '\'
>
> winbind trusted domains only = yes
>
> winbind use default domain = yes
>
>
> #######################################################################
> #                               LOGS OPTIONS                          #
> #######################################################################
>
> log file = /var/log/samba/smb.%m
>
> #log level = 1
>
> log level = 10 auth:10 nmbd:10
>
> #max log size = 5000
>
> syslog = 0
>
> #######################################################################
> #                               MISC. OPTIONS                         #
> #######################################################################
>
> wins support = yes
>
> time server = yes
>
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> max xmit = 8192
>
> #getwd cache = yes
>
> name resolve order = hosts bcast
>
> inherit acls = no
>
> map acl inherit = yes
>
> server signing = mandatory
>
> dns proxy = no
>
> svcctl list = bind9 apache2 chrony cron slapd winbind dhcpd3
>
> #######################################################################
> #                          SHARES                                     #
> ########################################################################
>
> [homes]
> comment = User's Home
>
> writable = yes
>
> browseable = no
>
> create mask = 0700
>
> directory mask = 0700
>
>
> [netlogon]
>
> comment = Network Logon Service
>
> path = /home/samba/netlogon
>
> browseable = no
>
> writable = no
>
> write list = @"Domain Admins"
>
>
> [profiles]
>
> comment = Network Users Profiles
>
> path = /home/samba/profiles
>
> csc policy = disable
>
> writable = yes
>
> #force user = %U
>
> #valid users = %U
>
> profile acls = yes
>
> browseable = no
>
> readonly = no
>
> create mask = 0600
>
> directory mask = 0700
>


Hrm, settings seem fine, as far as I can tell.  Have you tried the UPHClean
Windows Service?

From Chapter 27. Desktop Profile Management
<http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id425774>
of the Samba How-To:

> There are certain situations that cause a cached local copy of roaming
> profile not to be deleted on exit, even if the policy to force such deletion
> is set. To deal with that situation, a special service was created. The
> application UPHClean (User Profile Hive Cleanup) can be installed as a
> service on Windows NT4/2000/XP Professional and Windows 2003.
>
> The UPHClean software package can be downloaded from the User Profile Hive
> Cleanup Service [7] <http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#ftn.id427636>
> web site.
>

Chapter 27 of the Samba How-To might be worth a read.

I'm really fuzzy as to exactly what is going on.  All you did was add a few extra
clients, correct?  You were deleting the roaming profile successfully before
this without having problems?
-- 
Peace and Blessings,
-Scott.

"Of course, that's just my opinion; I could be wrong"
-Dennis Miller

