[Samba] local copy microsoft/credentials directory profile redirection
charles
charlesaburrell at gmail.com
Mon Oct 19 13:25:48 MDT 2009
hello,
i've set up a domain controller to replace a production server.
both servers use profile redirection for all user environment directories.
my problem is that when logging onto the new domain and server, windows will
create in the %userprofile% local directory an Application Directory
containing Microsoft/Credentials/*SID*, although a copy exists on the
server.
this directory is used to store the user's network passwords.
because a blank credential directory is created, stored network passwords
(explorer only) are not used. all other applications use the network copy of
the directory (as they should).
redirection is done through adm; here are the pertinent settings:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"="%logonserver%\profiles\%username%\Application Data"
"Cookies"="%logonserver%\profiles\%username%\Cookies"
"Desktop"="%logonserver%\%username%\Desktop"
"Personal"="%logonserver%\%username%\My Documents"
"Local AppData"="%logonserver%\profiles\%username%\Local Settings\Application Data"
"Cache"="c:\temp\users\%username%\Local Settings\Temporary Internet Files"
"History"="c:\temp\users\%username%\Local Settings\History"
"Local Settings"="c:\temp\users\%username%\Local Settings"
the same client joined to the current domain (with the same adm settings) will
not reproduce the undesired behavior.
does anyone have any suggestions, guesses, etc?
clients: windows xp sp3 (offline files disabled; set to delete local copies
of profiles at log off)
os: ubuntu 9.04 server
samba: 3.3.2-1ubuntu3.2
config:
Server role: ROLE_DOMAIN_PDC
[global]
workgroup = domain-name
server string = server-name
passdb backend = ldapsam:ldap://127.0.0.1
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
log level = 5 vfs:0 smb:0
syslog = 0
log file = /var/log/samba/log.%h
max log size = 10000000
max xmit = 65535
socket options = TCP_NODELAY SO_SNDBUF=1638400 SO_RCVBUF=1638400 SO_KEEPALIVE
printcap name = cups
show add printer wizard = No
max stat cache size = 1024
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
logon script = logon.bat
logon path = \\%N\hives\%U
logon drive = " "
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
kernel oplocks = No
ldap admin dn = cn=admin,dc=domain-name,dc=bz
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=domain-name,dc=bz
ldap ssl = no
ldap user suffix = ou=Users
utmp = Yes
panic action = /usr/share/samba/panic-action %d
cups options = raw
case sensitive = No
hide files = /desktop.ini/
[netlogon]
path = /usershare/netlogon
write list = jorge
guest ok = Yes
[hives]
comment = Profile Hive Directory
path = /userdata/hives/%a
read only = No
create mask = 0600
directory mask = 0700
browseable = No
csc policy = disable
oplocks = No
level2 oplocks = No
vfs objects = full_audit, recycle
full_audit:priority = notice
full_audit:facility = local5
full_audit:failure = connect mkdir rename unlink rmdir pwrite
full_audit:success = connect disconnect mkdir rename unlink rmdir pwrite
full_audit:prefix = %u|%S - %m|%I
recycle:maxsize = 0
recycle:versions = yes
recycle:touch = yes
recycle:keeptree = yes
recycle:repository = /userdata/user_trash/%U
[profiles]
comment = Profile Data Directory
path = /userdata/profiles/%a
read only = No
create mask = 0600
directory mask = 0700
browseable = No
csc policy = disable
oplocks = No
level2 oplocks = No
[printers]
comment = Printers
path = /var/spool/samba
admin users = @lpadmin
write list = @lpadmin, root
guest ok = Yes
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /etc/samba/drivers
admin users = @lpadmin
write list = @lpadmin, root
--
Charles
Belmopan, Belize
"... we just love cars and we love driving them!"
http://www.cardomain.com/ride/2400106