[Samba] user profile wipe in a samba 4 AD domain

Rowland Penny rowlandpenny at googlemail.com
Fri Jun 12 03:23:42 MDT 2015


On 12/06/15 07:22, joseph-andre Guaragna wrote:
> Sorry for the delayed answer, I received your answer while I was gone.
>
> My users are created using the RSAT tool directly from a Windows box. We
> use pbis in case my company wants to go for a paid version of the
> AD client. The main reason is that the sys admin job is only
> temporary, thus if any problem occurs afterwards they could go for a paid
> version and get help.

Oh yes, one of those operations. They can pay for samba help, you know,
and pbis is just another layer on top of samba that could cause
problems. I personally prefer the KISS way of doing things, i.e. if it is
not really needed, don't do it.

>
>
> As for your request for the samba.conf:
>
> [global]
>      workgroup = intra
>      realm = <our domain >
>      netbios name = <Serveur Name>
>      server string = Zentyal Server
>      server role = dc

The 'server role' line should be 'server role = active directory domain 
controller', not sure if it makes any difference, but it might.

>      server role check:inhibit = yes
>      server services = -dns
>      server signing = auto
>      dsdb:schema update allowed = yes
>      drs:max object sync = 1200
>
>      idmap_ldb:use rfc2307 = yes
>
>      interfaces = lo,eth0
>      bind interfaces only = yes
>
>      log level = 3
>      log file = /var/log/samba/samba.log
>      max log size = 100000
>
>
>
>      include = /etc/samba/shares.conf
>
>
>
>
> [netlogon]
>      path = /var/lib/samba/sysvol/<our domain >/scripts
>      browseable = no
>      read only = yes
>
> [sysvol]
>      path = /var/lib/samba/sysvol
>      read only = no
>
> Best regards,
>
> Joseph-André GUARAGNA
>
>
> 2015-06-11 17:09 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>> On 11/06/15 15:28, joseph-andre Guaragna wrote:
>>> Yes that is exactly the point and why we implemented the AD in the first
>>> place.
>>>
>>> But still every person connecting to any workstation gets a home
>>> directory created whether it is on Linux or windows.
>>>
>>> And if I understood well, if no roaming profile is in place, on each
>>> machine the domain.user is created.
>>>
>>> Thus leading to a blank home directory every time your user connects for
>>> the first time to a workstation, and data not following him, right?
>>>
>>> But what I do not get is, after the first connection, every time the
>>> user connects on the same workstation, he should find the data from his
>>> previous log in on this workstation. And I mean "on this workstation",
>>> if he has since logged in on another he should not see what he had on
>>> the other workstation.
>>>
>>> Am I right on this?
>>>
>> Yes, your users should be able to log into the same machine and find their
>> previous data. If this isn't happening, then I am fairly sure that this is a
>> Windows problem, not a samba problem.
>>
>> It might be a samba problem if you have altered the smb.conf on the samba AD
>> DC. If this is the case, can you post your smb.conf? How are you creating
>> the users? On ADUC? With samba-tool, or some other way?
>>
>> I wonder if pbis is somehow involved. Why are you using this? It isn't
>> really required.
>>
>>
>> Rowland

To be honest, I am not sure what is going on here. I normally set the
users' profiles to a specific place and don't have problems. Perhaps
somebody who does what you are trying to do can jump in here and point out
where you are going wrong (if anywhere).

Rowland