[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles

J. Echter j.echter at elektro-mayer-echter.de
Wed Jul 20 09:58:34 MDT 2011


i've finally have my LDAP backend working for authentication for my DC.

Logon scripts are executed, user is authenticated, but my roaming 
profiles are not found.

here is what i have in my config files:

    printing = bsd
    netbios name = PDC
    server string = PDC (%h)
    workgroup = workgroup
    interfaces = eth0,lo
    security = user
    encrypt passwords = true
    map to guest = bad user
    guest account = nobody

    ## LDAP
    passdb backend = ldapsam:ldap://
    idmap backend = ldap:ldap://
    idmap uid = 10000-15000
    idmap gid = 10000-15000
    ldap suffix = dc=workgroup,dc=local
    ldap user suffix = ou=smb-usr
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap idmap suffix = ou=idmap
    ldap admin dn = cn=admin,dc=workgroup,dc=local
    ldap ssl = no
    ldap passwd sync = yes
    add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
    add user script = /usr/sbin/smbldap-useradd -a '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -a '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

    local master = yes
    preferred master = yes
    domain master = yes
    domain logons = yes
    logon path = \\%L\profile\%U
    logon script = %U.bat
    logon drive = H:
    hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
    panic action = /usr/share/samba/panic-action %d

#======================= Share Definitions =======================
    comment = Home Directories
    browseable = no
    writeable = yes

    comment = Profildateien
    path = /bacula/samba/profile
    guest ok = yes
    browseable = no
    create mask = 0600
    directory mask = 0700
    writeable = yes
    profile acls = yes

    comment = Network Logon Service
    path = /bacula/samba/netlogon
    guest ok = yes
    writeable = no
    share modes = no
    browseable = no


userHome="/home/%U" (also tried \\pdc\%U)

what is it what i am overlooking?

many thanks and greets


More information about the samba mailing list