[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles

Julien Celle julien.celle at sivalex.com
Tue Aug 2 06:06:05 MDT 2011


First of all, there is a problem between your samba conf and the output 
of pdbedit: your server netbios name is defined in your smb.conf as
'BDC' and your workgroup/domain as 'workgroup' whereas the pdbedit 
output indicates that the profile is stored on '\\pdc...' and that the 
user is defined on the domain 'BDC'.
Setting those correctly to the same values should help.

On 02/08/2011 13:08, J. Echter wrote:
> On 25.07.2011 14:38, J. Echter wrote:
>> On 22.07.2011 17:48, TAKAHASHI Motonobu wrote:
>>> From: "J. Echter"<j.echter at elektro-mayer-echter.de>
>>> Date: Thu, 21 Jul 2011 08:51:25 +0200
>>>
>>>> On 20.07.2011 18:08, TAKAHASHI Motonobu wrote:
>>>> hi,
>>>>
>>>> tried all your hints. still no profiles found...
>>> Hmmmm...
>>>
>>> My testing environment is available at
>>> ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip
>>>
>>>
>>> In this environment,
>>>
>>> 1) # chmod 1777 /var/lib/samba/shares/profiles
>>> 2) changing "hide files" and "profiles acls" same as yours
>>> 3) # pdbedit -p \\sambapdc\profiles\username username
>>> 4) Logging on as the user, a roaming profile is successfully created.
>>>
>>> I'm using "ldapsam:editposix" instead of smbldap-tools, so this may
>>> not help you...
>>>
>>> ---
>>> TAKAHASHI Motonobu<monyo at samba.gr.jp>
>> Hi,
>>
>> there's something wrong with my config... the successful logins are only
>> possible because the users are already there as local unix accounts.
>>
>> i created a new user 'test' and this one can't even login.
>>
>> something with nsswitch seems configured wrong, imho. i get an error
>> like 'no unix account found'.
>>
>> i will post the details about that later, i have to wait till i can
>> switch the smb.conf again.
>>
>> cheers
>>
>> juergen.
> hi,
>
> i'm back :) but still the old problem.
>
> i have my tdbsam server running, i set up another samba server, without
> domain logons.
>
> i added a user 'test' to my ldap db. i added this user on the main pdc
> with smbldap-useradd
>
> sudo pdbedit -v test on my new test machine tells me:
>
> Unix username: test
> NT username: test
> Account Flags: [U ]
> User SID: S-1-5-21-3842863818-2180709222-141296495-3166
> Primary Group SID: (NULL SID)
> Full Name: test
> Home Directory: \\pdc\test
> HomeDir Drive: H:
> Logon Script: test.bat
> Profile Path: \\pdc\profiles\test
> Domain: BDC
> Account desc:
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: never
> Kickoff time: never
> Password last set: Fr, 22 Jul 2011 23:33:55 CEST
> Password can change: Fr, 22 Jul 2011 23:33:55 CEST
> Password must change: never
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
> i wonder because my domain is called workgroup, not bdc. BDC is the name
> of the machine, not the domain.
>
> if i'm using this user to logon, it isn't found.
>
> phpldapadmin also shows a line like:
> sambaDomainName=BDC
> <http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engine&server_id=1&dn=sambaDomainName%3DBDC%2Cdc%3Dworkgroup%2Cdc%3Dlocal>
>
> sambaDomainName=workgroup
> <http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engine&server_id=1&dn=sambaDomainName%3Dworkgroup%2Cdc%3Dworkgroup%2Cdc%3Dlocal>
>
>
> here's the conf of my testing smb machine:
>
> [global]
> domain master = no
> domain logons = no
> passdb backend = ldapsam:ldap://mule
> idmap backend = ldap:ldap://mule
> idmap uid = 10000-15000
> idmap gid = 10000-15000
> ldap suffix = dc=workgroup,dc=local
> ldap user suffix = ou=smb-usr
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap idmap suffix = ou=idmap
> ldap admin dn = cn=admin,dc=workgroup,dc=local
> ldap ssl = no
> ldap passwd sync = yes
>
> printing = bsd
> netbios name = BDC
> server string = BDC (%h)
> workgroup = workgroup
> interfaces = eth0,lo
> security = user
> encrypt passwords = true
> map to guest = bad user
> guest account = nobody
> logon path = \\pdc\profile\%U
> logon script = %U.bat
> logon drive = H:
> panic action = /usr/share/samba/panic-action %d
>
> my smbldap config is the following:
>
> sambaDomain="workgroup"
> suffix="dc=workgroup,dc=local"
> userProfile="\\pdc\profiles\%U"
>
> nsswitch.conf:
>
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
> hosts: files wins dns
> networks: files dns
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> i hope somebody can tell me what's going on. i'm completely lost since a
> while :)
>
> thanks, a nice day to all.
>
> juergen.
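
Added example, not part of the original thread: a small Python check for the mismatches the reply at the top points out, comparing the [global] section of smb.conf with `pdbedit -v` output. The sample inputs are constructed from values quoted in the thread; the function names and finding codes are hypothetical.

```python
# Constructed sample inputs, using values quoted in the thread.
SMB_CONF = r"""[global]
netbios name = BDC
workgroup = workgroup
"""
PDBEDIT_V = r"""Unix username: test
Profile Path: \\pdc\profiles\test
Domain: BDC
"""

def parse_smb_global(text):
    """Return the [global] parameters of an smb.conf as a dict (keys lower-cased)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_pdbedit(text):
    """Return the 'Field: value' lines of `pdbedit -v` output as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")    # split at the first colon only
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def check(smb_conf, pdbedit_out):
    """Return finding codes for the inconsistencies described in the reply."""
    conf, acct = parse_smb_global(smb_conf), parse_pdbedit(pdbedit_out)
    netbios = conf.get("netbios name", "").lower()
    workgroup = conf.get("workgroup", "").lower()
    domain = acct.get("domain", "").lower()
    profile = [p.lower() for p in acct.get("profile path", "").split("\\") if p]
    checks = [
        (domain != workgroup, "domain-mismatch"),
        (bool(domain) and domain == netbios, "domain-is-netbios-name"),
        (bool(profile) and profile[0] != netbios, "profile-server-mismatch"),
    ]
    return [code for failed, code in checks if failed]

if __name__ == "__main__":
    print(check(SMB_CONF, PDBEDIT_V))
```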



