[Samba] How to debug not working Roaming profiles on Samba 4 AD setup?
Rowland penny
rpenny at samba.org
Tue Jun 28 12:17:28 UTC 2016
On 28/06/16 12:23, Thomas DEBESSE wrote:
> > OK, I think your problem is that you are trying to run your AD
> domain as if it is still an NT4-style domain.
>
> This does not sound like a surprise to me. ;-)
>
> > with AD, you would add […] to each users object in AD. You can do
> this with ADUC or by creating an ldif file on the DC and then use
> ldbmodify to add it.
>
> Oh, yes, you're right, I had to do the same for the logon.cmd, I
> already have a pdbedit call for logon.cmd stuff in my user creation
> script I wrote myself.
> I did that for the logon.cmd stuff, for each user:
>
> pdbedit --script="logon.cmd" "${user_name}"
>
> I suppose I can use the --profile= , --drive= and --homedir= options
> from pdbedit to do the same things you recommend without having to
> deal with ldif file.
>
> Too bad these values can't be forced by a template on the AD DC. I
> will try these options tonight when everyone will be logged out.
If you need to create new users, you could investigate 'samba-tool user
create --help' on a Samba DC, or you can write a script around pdbedit
to update your users.
>
> > did you know that ' writeable = Yes' is the same as 'read only =
> No' ? There is no point in having both.
>
> Yes, these smb.conf are more than 15 years old, modifying them
> continuously when I update something through the ages, so I will not
> be surprised if some stuff are superfluous or some crap is remaining.
>
> > I would suggest you follow the Samba wiki and use ACLs instead of
> the old style 'create mask' etc
>
> I will look at it interestingly, currently I don't need more and that
> part, even old, works very well. :-)
>
You could add IDMU to ADUC on a windows machine, this will get you the
'Unix Attributes' tabs
Rowland
More information about the samba
mailing list