[Samba] Users, home directories and profiles

L.P.H. van Belle belle at bazuin.nl
Tue Jun 30 10:00:32 UTC 2020 

Read : https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-3.3-samba-member-fileserver-rights-example.txt 

This Still works for buster and other samba versions ( im now running 4.12.x ) for my servers. 

For your profiles; Add : acl_xattr:ignore system acl = yes in smb.conf on the share where you need it. 

Make/set the needed base rigths FROM WITHIN Linux then first configure the share FROM WITHIN Windows and while your logged in as DOM\Administrator.
And then FROM WITHIN Windows set the needed rights on through security tab. 

Done, dont touch it again from linux ( use getfacl to backup the rights )

Because only windows will use profiles and you simple have a better match in ACL's
I do the same for users, but thats a choice. 

I've started on my new server and im writing out the steps, takes some time.. 


> > > In the windows log events I've the following error:
> > > the processing of Group Policy failed. Windows could not 
> resolve the
> > > user name. This could be caused by one of more of the following :
> > > a) Name Resolution failure on the current domain controller
> > > b) Active Directory Replication Latency
> > > 
About this, enable Wait for Network in windows. 
Its a GPO. 

This should get you where you need to be. 


Greetz, 

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Enrico Morelli via samba
> Verzonden: dinsdag 30 juni 2020 11:41
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Users, home directories and profiles
> 
> On Thu, 25 Jun 2020 14:14:46 +0200
> Enrico Morelli via samba <samba at lists.samba.org> wrote:
> 
> > On Tue, 23 Jun 2020 14:56:57 +0200
> > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > 
> > > On Tue, 23 Jun 2020 12:37:16 +0200
> > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > >   
> > > > On Mon, 22 Jun 2020 13:54:38 +0100
> > > > Rowland penny via samba <samba at lists.samba.org> wrote:
> > > >     
> > > > > On 22/06/2020 13:50, Enrico Morelli wrote:      
> > > > > > On Mon, 22 Jun 2020 11:46:55 +0100
> > > > > > Rowland penny via samba <samba at lists.samba.org> wrote:
> > > > > >        
> > > > > >> On 22/06/2020 11:33, Enrico Morelli wrote:        
> > > > > >>> [global]
> > > > > >>> 	dns forwarder = 150.217.1.32
> > > > > >>> 	netbios name = FIORGEN7
> > > > > >>> 	realm = CERM.UNIFI.IT
> > > > > >>> 	server role = active directory domain controller
> > > > > >>> 	workgroup = CERM
> > > > > >>> 	idmap_ldb:use rfc2307 = yes
> > > > > >>> 	vfs objects = acl_xattr
> > > > > >>> 	map acl inherit = yes        
> > > > > >> Remove the last two lines, they have no place on a 
> DC and in
> > > > > >> fact you have turned off one of the required vfs
> > > > > >> objects.        
> > > > > > Done.
> > > > > >        
> > > > > >>> [homes]
> > > > > >>> 	path = /home/win_shares/homes
> > > > > >>> 	read only = no        
> > > > > >> I would rename [homes] to [users], [homes] is a 
> special share
> > > > > >> that does not require the 'path' parameter and 
> normally uses
> > > > > >> the users Unix directory path and you are using a Windows
> > > > > >> user home directory path.        
> > > > > > Done.
> > > > > >
> > > > > > All seems to be hard. Now I'm able to see security tab, but
> > > > > > when I select it the application crash.
> > > > > >
> > > > > > I tried to set profile but when I open Active 
> Directory Users
> > > > > > and Computers I receive: Naming information cannot 
> be located
> > > > > > for the following reason: The server is not operational.
> > > > > >
> > > > > > :-((
> > > > > >
> > > > > >        
> > > > > Firewall or Apparmor or Selinux getting in the way ?
> > > > > 
> > > > > Rowland
> > > > > 
> > > > > 
> > > > >       
> > > > 
> > > > I updated Windows 10 to the latest update, removed the 
> Windows PC
> > > > from the domain and putted it again.
> > > > 
> > > > Now Active Directory Users and Computers doesn't start.
> > > > 
> > > > I'm unable to use Computer Management to perform the 
> steps to set
> > > > home directories because it crashes.
> > > > 
> > > > I tried to set the homes using File explorer, going to 
> the shared
> > > > resources and creating the home directory but I receive that I
> > > > haven't permission to create a folder
> > > > under /home/win_shares/users.
> > > > 
> > > > Before I added my account to Unix Admins and Domain Admins. 
> > > > 
> > > > I set log level to 10 but I'm unable to see if there is issues
> > > > scrolling thousand of lines.
> > > > 
> > > > I don't know what fish to catch anymore :-((
> > > >     
> > > 
> > > In the windows log events I've the following error:
> > > the processing of Group Policy failed. Windows could not 
> resolve the
> > > user name. This could be caused by one of more of the following :
> > > a) Name Resolution failure on the current domain controller
> > > b) Active Directory Replication Latency
> > > 
> > >   
> > 
> > 
> > No ideas?
> > 
> > 
> > 
> 
> At the end I'll to abandon samba :-((
> I'm really sad
> 
> -- 
> -----------------------------------------------------------
>   Enrico Morelli
>   System Administrator | Programmer | Web Developer
> 
>   CERM - Polo Scientifico
>   via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
> ------------------------------------------------------------
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list