[Samba] setting up W7 profiles
rowlandpenny at googlemail.com
Thu Mar 5 10:49:03 MST 2015
On 05/03/15 17:22, Bob of Donelson Trophy wrote:
> 'getent group DomainUsers' indeed returns nothing.
> Now, I know, you know this like the "back of your hand" but, am I wrong,
> are the permissions for **profiles** somewhat (not alot) different from
> permissions for file shares? Because I see that instructions (on the
> wiki) for file sharing reads differently.
> Thanks, again.
> Bob Wooden of Donelson Trophy
> 615.885.2846 (main)
> www.donelsontrophy.com 
> "Everyone deserves an award!!"
> On 2015-03-05 07:38, Rowland Penny wrote:
>> On 05/03/15 13:25, Bob of Donelson Trophy wrote:
>>> I am setting up W7 profiles following the "Samba & Windows Profiles" on the Sambawiki. If it matters, I have two functional DC's and one member server. When I run '# chmod 1770 /srv/samba/profiles' (on the member server) the permissions changed to: root at mbr01:~# ls -alh /srv/samba/profiles total 12K drwxrwx--T+ 2 root root 4.0K Mar 1 10:21 . drwxr-xr-t 5 root root 4.0K Mar 1 10:21 .. The first line changed from 'drwxr-xr-t' to 'drwxrwx--T+' and the second did not change. Under "Profile share with using POSIX ACLs" it is indicated that we should change the '# chgrp „Domain Users" /srv/samba/profiles' I am getting "chgrp: invalid group: `Domain Users' " When I run "wbinfo -g" there listed is "domain users". I have tried lower case "# chgrp „domain users" /srv/samba/profiles" with the same result "chgrp: invalid group: `domain users' ". Suggestions?
>> Hi Bob, 'wbinfo -g' does indeed show 'domain users' but this is not what is used when you try to use chgrp. What does 'getent group Domain Users' show ?
>> If it doesn't return anything, then we need to find out why not
>  http://www.donelsontrophy.com
OK, the problem here is that Unix has to know who 'Domain Users' is
before it will/can change the group ownership of a directory.
I take it that the passwd & group lines in /etc/nsswitch.conf have had
'winbind' added to them and if you run 'pam-auth-update' it shows
winbind amongst the authentication methods.
Does Domain Users have a gidNumber ? If not then modify the 'Domain
Users' object in AD and add one.
You have to get 'getent group Domain\ Users' to return the group info
before you can go any further.
More information about the samba