[Samba] Samba4 roaming profiles & ownership of profile.V2 folders [RESOLVED]
Rowland Penny
rowlandpenny241155 at gmail.com
Sat Jul 4 18:37:32 UTC 2015
On 04/07/15 18:51, Gary Dale wrote:
> On 04/07/15 04:22 AM, Rowland Penny wrote:
>> On 04/07/15 00:58, Gary Dale wrote:
>>> On 03/07/15 01:21 PM, Rowland Penny wrote:
>>>> On 03/07/15 17:45, Gary Dale wrote:
>>>>> On 03/07/15 02:44 AM, Gary Dale wrote:
>>>>>> I've got roaming profiles for one account on a Debian/Jessie AD
>>>>>> DC server but I can't get them to work for the other accounts.
>>>>>> The differences are that the one account is also a Linux account
>>>>>> in the AD DC and is in the Domain Admins group. The other
>>>>>> accounts were created with ADUC on a Windows 7 machine logged in
>>>>>> as the Domain Admins user just mentioned. They are Domain Users
>>>>>> but not Admins and have no corresponding Linux account.
>>>>>>
>>>>>> I got that one account to work by taking ownership of its profile
>>>>>> directory. However Windows 7 currently only offers me two choices
>>>>>> for accounts that can take ownership of a profile directory
>>>>>> (Domain Admins and that one account are both listed. Other
>>>>>> accounts are not in the creator/owner tab).
>>>>>>
>>>>>> I've given Domain User full control of the profile folders but
>>>>>> that doesn't seem to be good enough to get the profiles to be
>>>>>> loaded and saved (the Linux permissions are 777).
>>>>>>
>>>>>> And yes, Ive set profile for each user using the Windows MMC plugin.
>>>>>>
>>>>>> Any ideas on what I'm missing?
>>>>>
>>>>> Further to above, I added one of the user accounts to the Domain
>>>>> Admins but still couldn't get a roaming profile to work for it.
>>>>
>>>> Hi, have a look here:
>>>> https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
>>>>
>>>> Rowland
>>>
>>> Thanks. I'd been trying that without success. The section on using
>>> ACLs doesn't work in my case for some reason.
>>>
>>
>> The 'reason' is probably why profiles don't work.
>>
>> Are you doing this on a DC or a member server ? on a DC I get this:
>>
>> root at dc01:~# getent group "domain admins"
>> EXAMPLE\Domain Admins:*:10002:
>>
>> and on a member server:
>>
>> rowland at ThinkPad ~ $ getent group "domain admins"
>> domain_admins:x:10002:s4admin,rowland,administrator
>>
>> I have RFC2307 attributes in AD and winbind set up on both.
>
> I get nothing when I run the command on the AD DC. There are currently
> no member servers.
>
> I followed the instructions at
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO and did include the
> --use-rfc2307. The only change I made was it doesn't actually mention
> installing kerberos but I found it necessary when I got to the
> configure kerberos section.
>
> According to the wiki, I don't have to do any winbind config, although
> they don't recommend using a DC as a file server due to some problems
> with winbind. Unfortunately I only have the one server in this location.
>
Ah, well this might seem a bit stupid, but if you followed:
https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
to the letter and you have this '[Profiles]' in smb.conf, could you try
changing it to '[profiles]' i.e. change the uppercase 'P' to a lowercase
'p', reload or restart samba then try again.
Rowland
More information about the samba
mailing list