[Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem
Adam Sienkiewicz
adamsienkiewicz78 at gmail.com
Fri Feb 24 09:53:55 MST 2012
Hi;
Thanks for the reply.
Jurgen, I tried your settings in smb.conf but it is still the same.
I attach the log during logon as user jas.
For me there are no errors - but I still see an error in Windows about roaming
profiles not created ...
Maybe this is a bug in Samba or LDAP?
root at debldap4:~# tail -f /var/log/samba/jas_172.16.220.136.log
[2012/02/24 17:49:16.156253, 1] smbd/service.c:1070(make_connection_snum)
tester (::ffff:172.16.220.136) connect to service netlogon initially as
user jas (uid=1002, gid=512) (pid 2177)
[2012/02/24 17:49:26.032109, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:49:26.033237, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:16.705954, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:16.708110, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:40.043034, 2] lib/smbldap.c:950(smbldap_open_connection)
smbldap_open_connection: connection opened
[2012/02/24 17:50:40.044292, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:40.045255, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 512
[2012/02/24 17:50:40.045616, 2] auth/auth.c:304(check_ntlm_password)
check_ntlm_password: authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:40.055071, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:40.055623, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:40.056102, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:40.066467, 2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
Returning domain sid for domain TESTADM ->
S-1-5-21-3986075260-1976875605-3695878225
[2012/02/24 17:50:40.079195, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:40.782999, 1] smbd/service.c:1251(close_cnum)
tester (::ffff:172.16.220.136) closed connection to service netlogon
[2012/02/24 17:50:43.297758, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.298137, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 512
[2012/02/24 17:50:43.298334, 2] auth/auth.c:304(check_ntlm_password)
check_ntlm_password: authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:43.300114, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.300549, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.303237, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.303929, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:43.304730, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:43.305311, 1] smbd/service.c:1070(make_connection_snum)
tester (::ffff:172.16.220.136) connect to service profiles initially as
user jas (uid=1002, gid=512) (pid 2204)
[2012/02/24 17:50:44.257013, 1] smbd/service.c:1251(close_cnum)
tester (::ffff:172.16.220.136) closed connection to service profiles
[2012/02/24 17:50:47.965091, 2] lib/smbldap.c:950(smbldap_open_connection)
smbldap_open_connection: connection opened
[2012/02/24 17:50:47.967680, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:47.969245, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 512
[2012/02/24 17:50:47.969445, 2] auth/auth.c:304(check_ntlm_password)
check_ntlm_password: authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:47.971263, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:47.971580, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:47.971906, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:47.980087, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 513
[2012/02/24 17:50:47.983239, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:47.983742, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:47.988375, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:47.989128, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:47.990546, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:47.990923, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:47.991353, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:47.991517, 1] smbd/service.c:1070(make_connection_snum)
tester (::ffff:172.16.220.136) connect to service profiles initially as
user jas (uid=1002, gid=512) (pid 2207)
[2012/02/24 17:50:48.000578, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:48.053803, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:48.055718, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:48.072541, 2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
Returning domain sid for domain TESTADM ->
S-1-5-21-3986075260-1976875605-3695878225
[2012/02/24 17:50:48.075953, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:50.525614, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:50.526719, 2] auth/auth.c:304(check_ntlm_password)
check_ntlm_password: authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:50.536994, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:50.537923, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:50.539590, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:50.540070, 1] smbd/service.c:1070(make_connection_snum)
tester (::ffff:172.16.220.136) connect to service netlogon initially as
user jas (uid=1002, gid=512) (pid 2205)
[2012/02/24 17:50:50.931935, 2] smbd/open.c:633(open_file)
jas opened file Default User/NTUSER.DAT read=Yes write=No (numopen=1)
[2012/02/24 17:50:51.884020, 2] smbd/open.c:633(open_file)
jas opened file Default User/ntuser.dat.LOG read=Yes write=No (numopen=2)
[2012/02/24 17:50:51.905456, 2] smbd/open.c:633(open_file)
jas opened file Default User/ntuser.ini read=Yes write=No (numopen=3)
[2012/02/24 17:50:53.244238, 2] smbd/open.c:633(open_file)
jas opened file Default User/Moje dokumenty/desktop.ini read=Yes write=No
(numopen=4)
[2012/02/24 17:50:53.246132, 2] smbd/open.c:633(open_file)
jas opened file Default User/Moje dokumenty/Moja muzyka/Przykładowa
muzyka.lnk read=Yes write=No (numopen=5)
[2012/02/24 17:50:53.247875, 2] smbd/open.c:633(open_file)
jas opened file Default User/Moje dokumenty/Moja muzyka/Desktop.ini
read=Yes write=No (numopen=6)
[2012/02/24 17:50:53.250202, 2] smbd/open.c:633(open_file)
jas opened file Default User/Moje dokumenty/Moje obrazy/Przykładowe
obrazy.lnk read=Yes write=No (numopen=7)
[2012/02/24 17:50:53.250414, 2] smbd/open.c:633(open_file)
jas opened file Default User/Moje dokumenty/Moje obrazy/Desktop.ini
read=Yes write=No (numopen=8)
[2012/02/24 17:50:53.250589, 2] smbd/open.c:633(open_file)
jas opened file Default User/Ulubione/Łącza/Windows Media.url read=Yes
write=No (numopen=9)
[2012/02/24 17:50:53.251275, 2] smbd/open.c:633(open_file)
jas opened file Default User/Ulubione/Łącza/Windows.url read=Yes write=No
(numopen=10)
[2012/02/24 17:50:53.257908, 2] smbd/open.c:633(open_file)
jas opened file Default User/Ulubione/Łącza/Bezpłatna usługa pocztowa
Hotmail.url read=Yes write=No (numopen=11)
[2012/02/24 17:50:53.264517, 2] smbd/open.c:633(open_file)
jas opened file Default User/Ulubione/MSN.com.url read=Yes write=No
(numopen=12)
[2012/02/24 17:50:53.266022, 2] smbd/open.c:633(open_file)
jas opened file Default User/Ulubione/Desktop.ini read=Yes write=No
(numopen=13)
[2012/02/24 17:50:53.266235, 2] smbd/open.c:633(open_file)
jas opened file Default User/Ulubione/Łącza/Dostosuj łącza.url read=Yes
write=No (numopen=14)
[2012/02/24 17:50:53.266620, 2] smbd/open.c:633(open_file)
jas opened file Default User/Ulubione/Przewodnik po stacjach
radiowych.url read=Yes write=No (numopen=15)
[2012/02/24 17:50:53.267454, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/desktop.ini read=Yes write=No
(numopen=16)
[2012/02/24 17:50:53.268578, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Free Pascal/Free
Pascal.lnk read=Yes write=No (numopen=17)
[2012/02/24 17:50:53.268876, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/desktop.ini read=Yes
write=No (numopen=18)
[2012/02/24 17:50:53.278394, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Free Pascal/Uninstall
Free Pascal.lnk read=Yes write=No (numopen=19)
[2012/02/24 17:50:53.278552, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Free Pascal/Free Pascal
on the Web.lnk read=Yes write=No (numopen=20)
[2012/02/24 17:50:53.280413, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Windows Media Player.lnk
read=Yes write=No (numopen=21)
[2012/02/24 17:50:53.287024, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Internet Explorer.lnk
read=Yes write=No (numopen=22)
[2012/02/24 17:50:53.288310, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Autostart/desktop.ini
read=Yes write=No (numopen=23)
[2012/02/24 17:50:53.288463, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Outlook Express.lnk
read=Yes write=No (numopen=24)
[2012/02/24 17:50:53.290466, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Akcesoria/desktop.ini
read=Yes write=No (numopen=25)
[2012/02/24 17:50:53.290586, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Pomoc zdalna.lnk
read=Yes write=No (numopen=26)
[2012/02/24 17:50:53.293580, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu
Start/Programy/Akcesoria/Synchronizuj.lnk read=Yes write=No (numopen=27)
[2012/02/24 17:50:53.293742, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Akcesoria/Kreator
zgodności programów.lnk read=Yes write=No (numopen=28)
[2012/02/24 17:50:53.302409, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Akcesoria/Notatnik.lnk
read=Yes write=No (numopen=29)
[2012/02/24 17:50:53.312223, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu Start/Programy/Akcesoria/Ułatwienia
dostępu/desktop.ini read=Yes write=No (numopen=30)
[2012/02/24 17:50:53.312483, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu
Start/Programy/Akcesoria/Rozrywka/desktop.ini read=Yes write=No (numopen=31)
[2012/02/24 17:50:53.312779, 2] smbd/open.c:633(open_file)
jas opened file Default User/Menu
Start/Programy/Akcesoria/Rozrywka/Windows Media Player.lnk read=Yes
write=No (numopen=32)
[2012/02/24 17:50:53.314770, 2] smbd/open.c:633(open_file)
My entry for the user in LDAP looks like:
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=TESTADM))]
smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: jas
init_group_from_ldap: Entry found for group: 512
init_group_from_ldap: Entry found for group: 512
Unix username: jas
NT username: jas
Account Flags: [U ]
User SID: S-1-5-21-3986075260-1976875605-3695878225-3004
Primary Group SID: S-1-5-21-3986075260-1976875605-3695878225-512
Full Name: jas
Home Directory: \\172.16.220.131\jas
HomeDir Drive: H:
Logon Script: %G
Profile Path: \\172.16.220.131\profiles\jas
Domain: TESTADM
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Thu, 08 Sep 2011 10:35:19 CEST
Password can change: Thu, 08 Sep 2011 10:35:19 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Please help! I have been fighting with this for a few months and the deadline for the new server is
coming :(
2012/2/24 Jürgen Echter <j.echter at echter-kuechen-elektro.de>
> On 23.02.2012 14:06, Adam Sienkiewicz wrote:
>
>> Hi;
>>
>> It didn't help. Now for /profiles I have permissions:
>>
>> drwxrwxrwt 13 root root 4096 Feb 17 20:05 profiles
>>
>> and if a user logs in to the domain for the first time, its profile dir is created but
>> nothing else ...
>>
>> Now /profiles looks like:
>>
>> /profiles
>> ├── [drwx------ czarus Domain U] czarus
>> ├── [drwx------ domainad domainad] domainadm
>> ├── [drwxrwxrwx jas Domain A] jas
>> ├── [drwx------ root root ] root
>> ├── [drwx------ sambaroo Domain U] sambaroot2
>> ├── [drwx------ sambaroo Domain U] sambaroot2.V2
>> ├── [drwx------ sambaroo Domain U] sambaroot3
>> ├── [drwx------ sambaroo Domain U] sambaroot3.V2
>> ├── [drwx------ test2 Domain U] test2
>> │ └── [drwx------ test2 Domain U] dfd
>> ├── [drwx------ test5 domainad] test5
>>
>>
>>
>> 2012/2/23 steve<steve at steve-ss.com>
>>
>> I googled for a few days and tried everything I could find, but with no luck. It will
>>> be great if somebody could help me with this because I have no idea what
>>> is
>>> the root cause of my issue.
>>> Hi
>>> The cause is usually because of wrong permissions on the profiles folder.
>>> Try the big hammer first:
>>> Backup /profiles
>>> chmod -R 0777 /profiles
>>> comment out:
>>>
>>> create mask = 0600
>>> directory mask = 0700
>>> create a new user
>>> login as the new user. That user should have his profile OK.
>>>
>>> Then put the security back one stage at a time until it doesn't work
>>> again.
>>> HTH
>>> Steve
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>> Hi,
>
> i got this in my smb.conf (local smb server)
>
> [profile]
> comment = Profildateien
> path = /DATEN/samba/profile
> guest ok = yes
> browseable = no
>
> create mask = 0600
> directory mask = 0700
> writeable = yes
> profile acls = yes
>
> valid users = %U @"Domain Admins"
> force user = %U
> csc policy = disable
>
> and this on bdc (backup domain controller)
>
> [profile]
> comment = Profildateien
> path = \\mule\profile
> guest ok = yes
> browseable = no
>
> create mask = 0600
> directory mask = 0700
> writeable = yes
> profile acls = yes
>
> valid users = %U @"Domain Admins"
> force user = %U
> csc policy = disable
>
>
> pdbedit -L -v says (for one user here)
>
> ---------------
> Unix username: stefan
> NT username: stefan
> Account Flags: [UX ]
> User SID: S-1-5-21-3842863818-2180709222-141296495-3436
> Primary Group SID: S-1-5-21-3842863818-2180709222-141296495-513
> Full Name: Stefan
> Home Directory: \\mule\stefan
> HomeDir Drive: H:
> Logon Script: stefan.bat
> Profile Path: \\mule\profile\stefan
> Domain: WORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: never
> Kickoff time: 0
> Password last set: Do, 20 Okt 2011 18:18:19 CEST
> Password can change: Do, 20 Okt 2011 18:18:19 CEST
> Password must change: never
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> ---------------
>
> maybe you can see anything related to you. :)
>
>
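An added example, not part of the thread or of Samba: a check to run on the profile share while tightening permissions again after the "chmod -R 0777" test suggested above. The function name audit_profiles and the policy are assumptions: each <user> or <user>.V2 directory is owned by <user> and has no group/other bits (the "directory mask = 0700" quoted above), and GNU stat and find are available.

```shell
#!/bin/sh
# Added example (not from the thread): audit a roaming-profile share root.
# Assumed policy: each <user> or <user>.V2 directory is owned by <user> and
# has no group/other permission bits (the thread's "directory mask = 0700").
# Requires GNU stat and find.

audit_profiles() {
    root=$1
    findings=0

    # A world-writable share root without the sticky bit lets any user
    # rename or delete another user's profile directory.
    if [ -n "$(find "$root" -maxdepth 0 -perm -0002 ! -perm -1000)" ]; then
        echo "ROOT $root is world-writable without the sticky bit"
        findings=$((findings + 1))
    fi

    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        dir=${dir%/}
        name=${dir##*/}
        user=${name%.V2}                   # Vista and later clients append .V2
        mode=$(stat -c '%a' "$dir")
        owner=$(stat -c '%U' "$dir")

        case $mode in
            *00) ;;                        # owner-only, e.g. 700
            *)   echo "MODE $dir mode=$mode grants group/other access"
                 findings=$((findings + 1)) ;;
        esac

        if [ "$owner" != "$user" ]; then
            echo "OWNER $dir owned by $owner, expected $user"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]                  # status 1 if anything was flagged
}
```

Run it as "audit_profiles /profiles"; on the listing quoted above it would flag the jas directory (drwxrwxrwx) and test5, whose name has no matching owner in the truncated listing.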