[Samba] samba4 profiles problems

Rowland Penny rowlandpenny at googlemail.com
Fri Nov 1 12:37:30 MDT 2013


On 01/11/13 17:56, Rob Verduijn wrote:
> Hello,
>
> Thank you for your help.
> Having tried your solution, I can say it does not work with a samba4 DC.
>
> (A lot) More googling yielded the solution:
>
> Install the ad management tools on a windows client,
> See here for instructions:
> https://wiki.samba.org/index.php/Samba_AD_management_from_windows
>
> Join the windows pc to the samba ad domain.
>
> I've found a samba4 howto which was very helpful,
>   the magic is you have to issue the 'net rpc rights grant' command
> mentioned in here:
> https://wiki.samba.org/index.php/Setup_and_configure_file_shares
>
> Set the share rights (using windows) as described in this page:
> https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
> Also set the global group policy as described.
> Note: if you put the profiles folder in a subfolder of the
> samba/sysvol folder your security rights will look a lot more
> different from the ones in the example.
>
> Create a new user in the ad (using the windows ad management tools again).
> Log in as the user.
>
> This is my smb.conf
> Note the fact that there are only 3 lines for the profiles share. (and
> all the others as well)
> You no longer manage that stuff with the smb.conf, it's in the registry now.
>
> I've created the Profiles folder with the default permission, user and group:
> permissions 755
> user : root
> group : root
>
> #Global parameters
> [global]
>          workgroup = TJAKO
>          realm = TJAKO.THUIS
>          netbios name = SAMBA2
>          server role = active directory domain controller
>          dns forwarder = 172.16.1.13
>          idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>          path = /var/lib/samba/sysvol/tjako.thuis/scripts
>          read only = No
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
>
> [Profiles]
>          path = /home/Profiles
>          read only = No
>
> Rob
>
> 2013/10/30 steve <steve at steve-ss.com>:
>> On Wed, 2013-10-30 at 11:38 +0100, Rob Verduijn wrote:
>>
>>> [Profiles]
>>>          path = /var/lib/samba/sysvol/Profiles
>>>          read only = no
>>>
>>> Anybody who can help me out ?
>>> Rob
>>
>> Hi
>> If you want to do it via smb.conf then this works OK on a Samba4 file
>> server:
>>
>> [profiles]
>> path = /home/profiles
>> read only = No
>> store dos attributes = Yes
>> create mask = 0600
>> directory mask = 0700
>> browseable = No
>> guest ok = No
>> printable = No
>> profile acls = Yes
>> csc policy = disable
>>
>> /home/profiles is root:root 1777
>> Not sure about serving the profiles from a DC though.
>>
>> Are you sure that your Domain Users can get at:
>> path = /var/lib/samba/sysvol/Profiles
>>
>> Don't forget to set the profile path with either samba-tool,
>> ldbmodify or using windows ADUC. The latter may be the easier way:
>> http://linuxcostablanca.blogspot.com.es/2012/02/s4-profiles.html
>>
>> HTH
>> Steve
>>
Sheesh, and all I did was add:

[profiles]
         path = /home/profiles
         read only = No

to smb.conf

created the directory
mkdir /home/profiles
chown root:root /home/profiles
chmod 0777 /home/profiles

log into XP, change desktop background and logout

go to server and there it was: /home/profiles/rowland

I find that if you have problems creating files or dirs, either
selinux or apparmor is at the back of it.

Rowland
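
The messages in this thread use three different modes for the root-owned profiles directory (755, 1777 and 0777). The following is an added example, not part of the thread: a shell check that reports the owner and mode of a profiles directory and flags the world-writable case without the sticky bit, where any user who can write to the directory can rename or delete another user's profile folder. It assumes Linux with GNU `stat`; the function names `audit_profile_root` and `count_open_profiles` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU stat.
# audit_profile_root DIR [UID]
#   0 = ok, 1 = world-writable without sticky bit,
#   2 = owner differs from UID (default 0, root), 3 = DIR is not a directory
audit_profile_root() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 3; }
    uid=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")      # octal digits, e.g. 755, 777, 1777
    bits=$((0$mode))                 # leading 0: the shell reads it as octal
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owner uid is $uid, expected $want_uid"
        return 2
    fi
    if [ $((bits & 0002)) -ne 0 ] && [ $((bits & 01000)) -eq 0 ]; then
        echo "$dir: mode $mode is world-writable without the sticky bit"
        return 1
    fi
    echo "$dir: mode $mode, owner uid $uid, ok"
    return 0
}

# count_open_profiles DIR
#   Prints how many per-user profile directories directly under DIR are
#   writable by group or other (looser than a 0700 directory mask).
count_open_profiles() {
    n=0
    for p in "$1"/*/; do
        [ -d "$p" ] || continue
        pbits=$((0$(stat -c '%a' "$p")))
        if [ $((pbits & 0022)) -ne 0 ]; then
            echo "${p%/}: writable by group or other" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Run against a directory given on the command line, e.g. /home/profiles
if [ -n "${1:-}" ]; then
    audit_profile_root "$1"
    count_open_profiles "$1"
fi
```

This looks only at POSIX mode bits; Windows ACLs that Samba stores in extended attributes are not examined.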


