[Samba] Users, home directories and profiles
L.P.H. van Belle
belle at bazuin.nl
Tue Jun 30 12:53:14 UTC 2020
Check the rights before the folder your trying to change.
Im guessing that now has 770, try 771 or 775 or 777
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Enrico Morelli [mailto:morelli at cerm.unifi.it]
> Verzonden: dinsdag 30 juni 2020 14:44
> Aan: samba at lists.samba.org
> CC: L.P.H. van Belle
> Onderwerp: Re: [Samba] Users, home directories and profiles
>
> On Tue, 30 Jun 2020 12:00:32 +0200
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> > Read :
> >
> https://github.com/thctlo/samba4/blob/master/howtos/stretch-ba
> se-3.3-samba-member-fileserver-rights-example.txt
> >
> > This Still works for buster and other samba versions ( im
> now running
> > 4.12.x ) for my servers.
> >
> > For your profiles; Add : acl_xattr:ignore system acl = yes in
> > smb.conf on the share where you need it.
> >
> > Make/set the needed base rigths FROM WITHIN Linux then first
> > configure the share FROM WITHIN Windows and while your logged in as
> > DOM\Administrator. And then FROM WITHIN Windows set the
> needed rights
> > on through security tab.
> >
> > Done, dont touch it again from linux ( use getfacl to backup the
> > rights )
> >
> > Because only windows will use profiles and you simple have a better
> > match in ACL's I do the same for users, but thats a choice.
> >
> > I've started on my new server and im writing out the steps, takes
> > some time..
> >
>
>
> I tried to follow your guide, but when I open the shared from the
> Windows client I've two problem:
>
> 1) I'm unable to create a folder under users because Windows say that
> I've no permission to do that (my user is in the Administrator group)
> 2) when I try to open Security tab the window crash
>
> >
> > > > > In the windows log events I've the following error:
> > > > > the processing of Group Policy failed. Windows could not
> > > resolve the
> > > > > user name. This could be caused by one of more of the
> > > > > following : a) Name Resolution failure on the current domain
> > > > > controller b) Active Directory Replication Latency
> > > > >
> > About this, enable Wait for Network in windows.
> > Its a GPO.
> >
> > This should get you where you need to be.
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > > Enrico Morelli via samba
> > > Verzonden: dinsdag 30 juni 2020 11:41
> > > Aan: samba at lists.samba.org
> > > Onderwerp: Re: [Samba] Users, home directories and profiles
> > >
> > > On Thu, 25 Jun 2020 14:14:46 +0200
> > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > >
> > > > On Tue, 23 Jun 2020 14:56:57 +0200
> > > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > > >
> > > > > On Tue, 23 Jun 2020 12:37:16 +0200
> > > > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > > > >
> > > > > > On Mon, 22 Jun 2020 13:54:38 +0100
> > > > > > Rowland penny via samba <samba at lists.samba.org> wrote:
> > > > > >
> > > > > > > On 22/06/2020 13:50, Enrico Morelli wrote:
> > > > > > > > On Mon, 22 Jun 2020 11:46:55 +0100
> > > > > > > > Rowland penny via samba <samba at lists.samba.org> wrote:
> > > > > > > >
> > > > > > > >> On 22/06/2020 11:33, Enrico Morelli wrote:
> > > > > > > >>> [global]
> > > > > > > >>> dns forwarder = 150.217.1.32
> > > > > > > >>> netbios name = FIORGEN7
> > > > > > > >>> realm = CERM.UNIFI.IT
> > > > > > > >>> server role = active directory domain controller
> > > > > > > >>> workgroup = CERM
> > > > > > > >>> idmap_ldb:use rfc2307 = yes
> > > > > > > >>> vfs objects = acl_xattr
> > > > > > > >>> map acl inherit = yes
> > > > > > > >> Remove the last two lines, they have no place on a
> > > DC and in
> > > > > > > >> fact you have turned off one of the required vfs
> > > > > > > >> objects.
> > > > > > > > Done.
> > > > > > > >
> > > > > > > >>> [homes]
> > > > > > > >>> path = /home/win_shares/homes
> > > > > > > >>> read only = no
> > > > > > > >> I would rename [homes] to [users], [homes] is a
> > > special share
> > > > > > > >> that does not require the 'path' parameter and
> > > normally uses
> > > > > > > >> the users Unix directory path and you are
> using a Windows
> > > > > > > >> user home directory path.
> > > > > > > > Done.
> > > > > > > >
> > > > > > > > All seems to be hard. Now I'm able to see security tab,
> > > > > > > > but when I select it the application crash.
> > > > > > > >
> > > > > > > > I tried to set profile but when I open Active
> > > Directory Users
> > > > > > > > and Computers I receive: Naming information cannot
> > > be located
> > > > > > > > for the following reason: The server is not operational.
> > > > > > > >
> > > > > > > > :-((
> > > > > > > >
> > > > > > > >
> > > > > > > Firewall or Apparmor or Selinux getting in the way ?
> > > > > > >
> > > > > > > Rowland
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > > I updated Windows 10 to the latest update, removed the
> > > Windows PC
> > > > > > from the domain and putted it again.
> > > > > >
> > > > > > Now Active Directory Users and Computers doesn't start.
> > > > > >
> > > > > > I'm unable to use Computer Management to perform the
> > > steps to set
> > > > > > home directories because it crashes.
> > > > > >
> > > > > > I tried to set the homes using File explorer, going to
> > > the shared
> > > > > > resources and creating the home directory but I
> receive that I
> > > > > > haven't permission to create a folder
> > > > > > under /home/win_shares/users.
> > > > > >
> > > > > > Before I added my account to Unix Admins and Domain Admins.
> > > > > >
> > > > > > I set log level to 10 but I'm unable to see if
> there is issues
> > > > > > scrolling thousand of lines.
> > > > > >
> > > > > > I don't know what fish to catch anymore :-((
> > > > > >
> > > > >
> > > > > In the windows log events I've the following error:
> > > > > the processing of Group Policy failed. Windows could not
> > > resolve the
> > > > > user name. This could be caused by one of more of the
> > > > > following : a) Name Resolution failure on the current domain
> > > > > controller b) Active Directory Replication Latency
> > > > >
> > > > >
> > > >
> > > >
> > > > No ideas?
> > > >
> > > >
> > > >
> > >
> > > At the end I'll to abandon samba :-((
> > > I'm really sad
> > >
> > > --
> > > -----------------------------------------------------------
> > > Enrico Morelli
> > > System Administrator | Programmer | Web Developer
> > >
> > > CERM - Polo Scientifico
> > > via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
> > > ------------------------------------------------------------
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > >
> > >
> >
> >
>
>
>
> --
> -----------------------------------------------------------
> Enrico Morelli
> System Administrator | Programmer | Web Developer
>
> CERM - Polo Scientifico
> via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
> ------------------------------------------------------------
>
>
More information about the samba
mailing list