[Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Adam Sienkiewicz adamsienkiewicz78 at gmail.com
Fri Feb 24 09:53:55 MST 2012


Hi;
Thanks for the reply.
Jurgen, I tried your settings in smb.conf but it is still the same.

I attach the log during logon as user jas.
For me there are no errors, but I still see an error in Windows about roaming
profiles not created ...
Maybe this is a bug in Samba or LDAP?

oot at debldap4:~# tail -f /var/log/samba/jas_172.16.220.136.log
[2012/02/24 17:49:16.156253,  1] smbd/service.c:1070(make_connection_snum)
  tester (::ffff:172.16.220.136) connect to service netlogon initially as
user jas (uid=1002, gid=512) (pid 2177)
[2012/02/24 17:49:26.032109,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:49:26.033237,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:16.705954,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:16.708110,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:40.043034,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2012/02/24 17:50:40.044292,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:40.045255,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 512
[2012/02/24 17:50:40.045616,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:40.055071,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:40.055623,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:40.056102,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:40.066467,  2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
  Returning domain sid for domain TESTADM ->
S-1-5-21-3986075260-1976875605-3695878225
[2012/02/24 17:50:40.079195,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:40.782999,  1] smbd/service.c:1251(close_cnum)
  tester (::ffff:172.16.220.136) closed connection to service netlogon
[2012/02/24 17:50:43.297758,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.298137,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 512
[2012/02/24 17:50:43.298334,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:43.300114,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.300549,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.303237,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.303929,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:43.304730,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:43.305311,  1] smbd/service.c:1070(make_connection_snum)
  tester (::ffff:172.16.220.136) connect to service profiles initially as
user jas (uid=1002, gid=512) (pid 2204)
[2012/02/24 17:50:44.257013,  1] smbd/service.c:1251(close_cnum)
  tester (::ffff:172.16.220.136) closed connection to service profiles
[2012/02/24 17:50:47.965091,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2012/02/24 17:50:47.967680,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:47.969245,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 512
[2012/02/24 17:50:47.969445,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:47.971263,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:47.971580,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:47.971906,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:47.980087,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 513
[2012/02/24 17:50:47.983239,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:47.983742,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:47.988375,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:47.989128,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:47.990546,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:47.990923,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:47.991353,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:47.991517,  1] smbd/service.c:1070(make_connection_snum)
  tester (::ffff:172.16.220.136) connect to service profiles initially as
user jas (uid=1002, gid=512) (pid 2207)
[2012/02/24 17:50:48.000578,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:48.053803,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:48.055718,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:48.072541,  2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
  Returning domain sid for domain TESTADM ->
S-1-5-21-3986075260-1976875605-3695878225
[2012/02/24 17:50:48.075953,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:50.525614,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:50.526719,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:50.536994,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:50.537923,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:50.539590,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:50.540070,  1] smbd/service.c:1070(make_connection_snum)
  tester (::ffff:172.16.220.136) connect to service netlogon initially as
user jas (uid=1002, gid=512) (pid 2205)
[2012/02/24 17:50:50.931935,  2] smbd/open.c:633(open_file)
  jas opened file Default User/NTUSER.DAT read=Yes write=No (numopen=1)
[2012/02/24 17:50:51.884020,  2] smbd/open.c:633(open_file)
  jas opened file Default User/ntuser.dat.LOG read=Yes write=No (numopen=2)
[2012/02/24 17:50:51.905456,  2] smbd/open.c:633(open_file)
  jas opened file Default User/ntuser.ini read=Yes write=No (numopen=3)
[2012/02/24 17:50:53.244238,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Moje dokumenty/desktop.ini read=Yes write=No
(numopen=4)
[2012/02/24 17:50:53.246132,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Moje dokumenty/Moja muzyka/Przykładowa
muzyka.lnk read=Yes write=No (numopen=5)
[2012/02/24 17:50:53.247875,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Moje dokumenty/Moja muzyka/Desktop.ini
read=Yes write=No (numopen=6)
[2012/02/24 17:50:53.250202,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Moje dokumenty/Moje obrazy/Przykładowe
obrazy.lnk read=Yes write=No (numopen=7)
[2012/02/24 17:50:53.250414,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Moje dokumenty/Moje obrazy/Desktop.ini
read=Yes write=No (numopen=8)
[2012/02/24 17:50:53.250589,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Ulubione/Łącza/Windows Media.url read=Yes
write=No (numopen=9)
[2012/02/24 17:50:53.251275,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Ulubione/Łącza/Windows.url read=Yes write=No
(numopen=10)
[2012/02/24 17:50:53.257908,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Ulubione/Łącza/Bezpłatna usługa pocztowa
Hotmail.url read=Yes write=No (numopen=11)
[2012/02/24 17:50:53.264517,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Ulubione/MSN.com.url read=Yes write=No
(numopen=12)
[2012/02/24 17:50:53.266022,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Ulubione/Desktop.ini read=Yes write=No
(numopen=13)
[2012/02/24 17:50:53.266235,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Ulubione/Łącza/Dostosuj łącza.url read=Yes
write=No (numopen=14)
[2012/02/24 17:50:53.266620,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Ulubione/Przewodnik po stacjach
radiowych.url read=Yes write=No (numopen=15)
[2012/02/24 17:50:53.267454,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/desktop.ini read=Yes write=No
(numopen=16)
[2012/02/24 17:50:53.268578,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Free Pascal/Free
Pascal.lnk read=Yes write=No (numopen=17)
[2012/02/24 17:50:53.268876,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/desktop.ini read=Yes
write=No (numopen=18)
[2012/02/24 17:50:53.278394,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Free Pascal/Uninstall
Free Pascal.lnk read=Yes write=No (numopen=19)
[2012/02/24 17:50:53.278552,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Free Pascal/Free Pascal
on the Web.lnk read=Yes write=No (numopen=20)
[2012/02/24 17:50:53.280413,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Windows Media Player.lnk
read=Yes write=No (numopen=21)
[2012/02/24 17:50:53.287024,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Internet Explorer.lnk
read=Yes write=No (numopen=22)
[2012/02/24 17:50:53.288310,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Autostart/desktop.ini
read=Yes write=No (numopen=23)
[2012/02/24 17:50:53.288463,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Outlook Express.lnk
read=Yes write=No (numopen=24)
[2012/02/24 17:50:53.290466,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Akcesoria/desktop.ini
read=Yes write=No (numopen=25)
[2012/02/24 17:50:53.290586,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Pomoc zdalna.lnk
read=Yes write=No (numopen=26)
[2012/02/24 17:50:53.293580,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu
Start/Programy/Akcesoria/Synchronizuj.lnk read=Yes write=No (numopen=27)
[2012/02/24 17:50:53.293742,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Akcesoria/Kreator
zgodności programów.lnk read=Yes write=No (numopen=28)
[2012/02/24 17:50:53.302409,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Akcesoria/Notatnik.lnk
read=Yes write=No (numopen=29)
[2012/02/24 17:50:53.312223,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu Start/Programy/Akcesoria/Ułatwienia
dostępu/desktop.ini read=Yes write=No (numopen=30)
[2012/02/24 17:50:53.312483,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu
Start/Programy/Akcesoria/Rozrywka/desktop.ini read=Yes write=No (numopen=31)
[2012/02/24 17:50:53.312779,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Menu
Start/Programy/Akcesoria/Rozrywka/Windows Media Player.lnk read=Yes
write=No (numopen=32)
[2012/02/24 17:50:53.314770,  2] smbd/open.c:633(open_file)

My entry for the user in LDAP looks like:

smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=TESTADM))]
smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: jas
init_group_from_ldap: Entry found for group: 512
init_group_from_ldap: Entry found for group: 512
Unix username:        jas
NT username:          jas
Account Flags:        [U          ]
User SID:             S-1-5-21-3986075260-1976875605-3695878225-3004
Primary Group SID:    S-1-5-21-3986075260-1976875605-3695878225-512
Full Name:            jas
Home Directory:       \\172.16.220.131\jas
HomeDir Drive:        H:
Logon Script:         %G
Profile Path:         \\172.16.220.131\profiles\jas
Domain:               TESTADM
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Thu, 08 Sep 2011 10:35:19 CEST
Password can change:  Thu, 08 Sep 2011 10:35:19 CEST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Please help! I have been fighting with this for a few months and the deadline
for the new server is coming :(

2012/2/24 Jürgen Echter <j.echter at echter-kuechen-elektro.de>

> On 23.02.2012 14:06, Adam Sienkiewicz wrote:
>
>> Hi;
>>
>> It didn't help. Now for /profiles I have permissions:
>>
>> drwxrwxrwt 13 root root  4096 Feb 17 20:05 profiles
>>
>> and if a user logs in to the domain for the first time, its profile dir is
>> created but nothing else ...
>>
>> Now /profiles looks like:
>>
>> /profiles
>> ├── [drwx------ czarus   Domain U]  czarus
>> ├── [drwx------ domainad domainad]  domainadm
>> ├── [drwxrwxrwx jas      Domain A]  jas
>> ├── [drwx------ root     root    ]  root
>> ├── [drwx------ sambaroo Domain U]  sambaroot2
>> ├── [drwx------ sambaroo Domain U]  sambaroot2.V2
>> ├── [drwx------ sambaroo Domain U]  sambaroot3
>> ├── [drwx------ sambaroo Domain U]  sambaroot3.V2
>> ├── [drwx------ test2    Domain U]  test2
>> │   └── [drwx------ test2    Domain U]  dfd
>> ├── [drwx------ test5    domainad]  test5
>>
>>
>>
>> 2012/2/23 steve<steve at steve-ss.com>
>>
>>  I googled for a few days and tried all that I could find, but with no luck.
>>> It will be great if somebody could help me with this because I have no idea
>>> what is the root cause of my issue.
>>> Hi
>>> The cause is usually because of wrong permissions on the profiles folder.
>>> Try the big hammer first:
>>> Backup /profiles
>>> chmod -R 0777 /profiles
>>> comment out:
>>>
>>> create mask = 0600
>>> directory mask = 0700
>>> create a new user
>>> login as the new user. That user should have his profile OK.
>>>
>>> Then put the security back one stage at a time until it doesn't work
>>> again.
>>> HTH
>>> Steve
>>>
> Hi,
>
> I got this in my smb.conf (local smb server)
>
> [profile]
>   comment = Profildateien
>   path = /DATEN/samba/profile
>   guest ok = yes
>   browseable = no
>
>   create mask = 0600
>   directory mask = 0700
>   writeable = yes
>   profile acls = yes
>
>   valid users = %U @"Domain Admins"
>   force user = %U
>   csc policy = disable
>
> and this on bdc (backup domain controller)
>
> [profile]
>   comment = Profildateien
>   path = \\mule\profile
>   guest ok = yes
>   browseable = no
>
>   create mask = 0600
>   directory mask = 0700
>   writeable = yes
>   profile acls = yes
>
>   valid users = %U @"Domain Admins"
>   force user = %U
>   csc policy = disable
>
>
> pdbedit -L -v says (for one user here)
>
> ---------------
> Unix username:        stefan
> NT username:          stefan
> Account Flags:        [UX         ]
> User SID:             S-1-5-21-3842863818-2180709222-141296495-3436
> Primary Group SID:    S-1-5-21-3842863818-2180709222-141296495-513
> Full Name:            Stefan
> Home Directory:       \\mule\stefan
> HomeDir Drive:        H:
> Logon Script:         stefan.bat
> Profile Path:         \\mule\profile\stefan
> Domain:               WORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          never
> Kickoff time:         0
> Password last set:    Do, 20 Okt 2011 18:18:19 CEST
> Password can change:  Do, 20 Okt 2011 18:18:19 CEST
> Password must change: never
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> ---------------
>
> Maybe you can see anything related to you. :)
>
>
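
The smbd log posted at the top of this message can be summarized mechanically. The following is an added example (not part of the original thread and not Samba code) that rejoins the mail-wrapped log entries and reports which shares were connected to and which files, if any, were opened for writing. The first four entries are copied from the log above; the last entry is constructed to show what a write open looks like.

```python
import re
from collections import Counter

# Entries copied from the log in the message above (mail-wrapped as posted).
PAGE_EXCERPT = """\
[2012/02/24 17:50:43.305311,  1] smbd/service.c:1070(make_connection_snum)
  tester (::ffff:172.16.220.136) connect to service profiles initially as
user jas (uid=1002, gid=512) (pid 2204)
[2012/02/24 17:50:50.540070,  1] smbd/service.c:1070(make_connection_snum)
  tester (::ffff:172.16.220.136) connect to service netlogon initially as
user jas (uid=1002, gid=512) (pid 2205)
[2012/02/24 17:50:50.931935,  2] smbd/open.c:633(open_file)
  jas opened file Default User/NTUSER.DAT read=Yes write=No (numopen=1)
[2012/02/24 17:50:53.244238,  2] smbd/open.c:633(open_file)
  jas opened file Default User/Moje dokumenty/desktop.ini read=Yes write=No
(numopen=4)
"""
# Constructed entry (not from the page): what a profile write would look like.
CONSTRUCTED = """\
[2012/02/24 17:55:00.000000,  2] smbd/open.c:633(open_file)
  jas opened file jas/NTUSER.DAT read=Yes write=Yes (numopen=1)
"""
SAMPLE_LOG = PAGE_EXCERPT + CONSTRUCTED

HEADER = re.compile(r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+,\s+\d+\]")
CONNECT = re.compile(r"connect to service (\S+) initially as user (\S+)")
OPEN = re.compile(r"(\S+) opened file (.+?) read=(Yes|No) write=(Yes|No)")


def parse_entries(text):
    """Rejoin each timestamped header with its wrapped continuation lines."""
    entries = []
    for line in text.splitlines():
        if HEADER.match(line):
            entries.append([line.strip()])
        elif entries and line.strip():
            entries[-1].append(line.strip())
    return [" ".join(parts) for parts in entries]


def summarize(text):
    """Count share connections and list file opens with their write flag."""
    connects, opens = Counter(), []
    for entry in parse_entries(text):
        m = CONNECT.search(entry)
        if m:
            connects[m.group(1)] += 1
            continue
        m = OPEN.search(entry)
        if m:
            opens.append({"user": m.group(1), "path": m.group(2),
                          "write": m.group(4) == "Yes"})
    return {"connects": dict(connects), "opens": opens,
            "write_opens": [o["path"] for o in opens if o["write"]]}
```

An empty `write_opens` list for a whole logon and logoff cycle means the client never opened a file for writing on the server during that session.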

