[Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Jürgen Echter j.echter at echter-kuechen-elektro.de
Fri Feb 24 09:24:43 MST 2012


Am 23.02.2012 14:06, schrieb Adam Sienkiewicz:
> Hi;
>
> It didn't help. Now for /profiles I have permissions:
>
> drwxrwxrwt 13 root root  4096 Feb 17 20:05 profiles
>
> and if user login to domain firth time its profile dir is created but
> nothing else ...
>
> Now /profiles looks lie:
>
> /profiles
> ├── [drwx------ czarus   Domain U]  czarus
> ├── [drwx------ domainad domainad]  domainadm
> ├── [drwxrwxrwx jas      Domain A]  jas
> ├── [drwx------ root     root    ]  root
> ├── [drwx------ sambaroo Domain U]  sambaroot2
> ├── [drwx------ sambaroo Domain U]  sambaroot2.V2
> ├── [drwx------ sambaroo Domain U]  sambaroot3
> ├── [drwx------ sambaroo Domain U]  sambaroot3.V2
> ├── [drwx------ test2    Domain U]  test2
> │   └── [drwx------ test2    Domain U]  dfd
> ├── [drwx------ test5    domainad]  test5
>
>
>
> 2012/2/23 steve<steve at steve-ss.com>
>
>> I googled few days I tryed all what I can find but with no luck. It will
>> be great if somebody could help me with this because I have no idea what is
>> a root cause of my issue.
>> Hi
>> The cause is usually because of wrong permissions on the profiles folder.
>> Try the big hammer first:
>> Backup /profiles
>> chmod -R 0777 /profiles
>> comment out:
>>
>> create mask = 0600
>> directory mask = 0700
>> create a new user
>> login as the new user. That user should have his profile OK.
>>
>> Then put the security back one stage at a time until it doesn't work again.
>> HTH
>> Steve
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
>>
Hi,

i got this in my smb.conf (local smb server)

[profile]
    comment = Profildateien
    path = /DATEN/samba/profile
    guest ok = yes
    browseable = no
    create mask = 0600
    directory mask = 0700
    writeable = yes
    profile acls = yes
    valid users = %U @"Domain Admins"
    force user = %U
    csc policy = disable

and this on bdc (backup domain controller)

[profile]
    comment = Profildateien
    path = \\mule\profile
    guest ok = yes
    browseable = no
    create mask = 0600
    directory mask = 0700
    writeable = yes
    profile acls = yes
    valid users = %U @"Domain Admins"
    force user = %U
    csc policy = disable


pdbedit -L -v says (for one user here)

---------------
Unix username:        stefan
NT username:          stefan
Account Flags:        [UX         ]
User SID:             S-1-5-21-3842863818-2180709222-141296495-3436
Primary Group SID:    S-1-5-21-3842863818-2180709222-141296495-513
Full Name:            Stefan
Home Directory:       \\mule\stefan
HomeDir Drive:        H:
Logon Script:         stefan.bat
Profile Path:         \\mule\profile\stefan
Domain:               WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         0
Password last set:    Do, 20 Okt 2011 18:18:19 CEST
Password can change:  Do, 20 Okt 2011 18:18:19 CEST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------

maybe you can see anything related to you. :)


More information about the samba mailing list