[Samba] Users, home directories and profiles

L.P.H. van Belle belle at bazuin.nl
Tue Jun 30 12:53:14 UTC 2020


Check the rights before the folder your trying to change. 
Im guessing that now has 770, try 771 or 775 or 777


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: Enrico Morelli [mailto:morelli at cerm.unifi.it] 
> Verzonden: dinsdag 30 juni 2020 14:44
> Aan: samba at lists.samba.org
> CC: L.P.H. van Belle
> Onderwerp: Re: [Samba] Users, home directories and profiles
> 
> On Tue, 30 Jun 2020 12:00:32 +0200
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> 
> > Read :
> > 
> https://github.com/thctlo/samba4/blob/master/howtos/stretch-ba
> se-3.3-samba-member-fileserver-rights-example.txt 
> > 
> > This Still works for buster and other samba versions ( im 
> now running
> > 4.12.x ) for my servers. 
> > 
> > For your profiles; Add : acl_xattr:ignore system acl = yes in
> > smb.conf on the share where you need it. 
> > 
> > Make/set the needed base rigths FROM WITHIN Linux then first
> > configure the share FROM WITHIN Windows and while your logged in as
> > DOM\Administrator. And then FROM WITHIN Windows set the 
> needed rights
> > on through security tab. 
> > 
> > Done, dont touch it again from linux ( use getfacl to backup the
> > rights )
> > 
> > Because only windows will use profiles and you simple have a better
> > match in ACL's I do the same for users, but thats a choice. 
> > 
> > I've started on my new server and im writing out the steps, takes
> > some time.. 
> > 
> 
> 
> I tried to follow your guide, but when I open the shared from the
> Windows client I've two problem:
> 
> 1) I'm unable to create a folder under users because Windows say that
> I've no permission to do that (my user is in the Administrator group)
> 2) when I try to open Security tab the window crash
> 
> > 
> > > > > In the windows log events I've the following error:
> > > > > the processing of Group Policy failed. Windows could not   
> > > resolve the  
> > > > > user name. This could be caused by one of more of the
> > > > > following : a) Name Resolution failure on the current domain
> > > > > controller b) Active Directory Replication Latency
> > > > >   
> > About this, enable Wait for Network in windows. 
> > Its a GPO. 
> > 
> > This should get you where you need to be. 
> > 
> > 
> > Greetz, 
> > 
> > Louis
> > 
> > 
> > 
> > 
> > > -----Oorspronkelijk bericht-----
> > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> > > Enrico Morelli via samba
> > > Verzonden: dinsdag 30 juni 2020 11:41
> > > Aan: samba at lists.samba.org
> > > Onderwerp: Re: [Samba] Users, home directories and profiles
> > > 
> > > On Thu, 25 Jun 2020 14:14:46 +0200
> > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > >   
> > > > On Tue, 23 Jun 2020 14:56:57 +0200
> > > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > > >   
> > > > > On Tue, 23 Jun 2020 12:37:16 +0200
> > > > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > > > >     
> > > > > > On Mon, 22 Jun 2020 13:54:38 +0100
> > > > > > Rowland penny via samba <samba at lists.samba.org> wrote:
> > > > > >       
> > > > > > > On 22/06/2020 13:50, Enrico Morelli wrote:        
> > > > > > > > On Mon, 22 Jun 2020 11:46:55 +0100
> > > > > > > > Rowland penny via samba <samba at lists.samba.org> wrote:
> > > > > > > >          
> > > > > > > >> On 22/06/2020 11:33, Enrico Morelli wrote:          
> > > > > > > >>> [global]
> > > > > > > >>> 	dns forwarder = 150.217.1.32
> > > > > > > >>> 	netbios name = FIORGEN7
> > > > > > > >>> 	realm = CERM.UNIFI.IT
> > > > > > > >>> 	server role = active directory domain controller
> > > > > > > >>> 	workgroup = CERM
> > > > > > > >>> 	idmap_ldb:use rfc2307 = yes
> > > > > > > >>> 	vfs objects = acl_xattr
> > > > > > > >>> 	map acl inherit = yes          
> > > > > > > >> Remove the last two lines, they have no place on a   
> > > DC and in  
> > > > > > > >> fact you have turned off one of the required vfs
> > > > > > > >> objects.          
> > > > > > > > Done.
> > > > > > > >          
> > > > > > > >>> [homes]
> > > > > > > >>> 	path = /home/win_shares/homes
> > > > > > > >>> 	read only = no          
> > > > > > > >> I would rename [homes] to [users], [homes] is a   
> > > special share  
> > > > > > > >> that does not require the 'path' parameter and   
> > > normally uses  
> > > > > > > >> the users Unix directory path and you are 
> using a Windows
> > > > > > > >> user home directory path.          
> > > > > > > > Done.
> > > > > > > >
> > > > > > > > All seems to be hard. Now I'm able to see security tab,
> > > > > > > > but when I select it the application crash.
> > > > > > > >
> > > > > > > > I tried to set profile but when I open Active   
> > > Directory Users  
> > > > > > > > and Computers I receive: Naming information cannot   
> > > be located  
> > > > > > > > for the following reason: The server is not operational.
> > > > > > > >
> > > > > > > > :-((
> > > > > > > >
> > > > > > > >          
> > > > > > > Firewall or Apparmor or Selinux getting in the way ?
> > > > > > > 
> > > > > > > Rowland
> > > > > > > 
> > > > > > > 
> > > > > > >         
> > > > > > 
> > > > > > I updated Windows 10 to the latest update, removed the   
> > > Windows PC  
> > > > > > from the domain and putted it again.
> > > > > > 
> > > > > > Now Active Directory Users and Computers doesn't start.
> > > > > > 
> > > > > > I'm unable to use Computer Management to perform the   
> > > steps to set  
> > > > > > home directories because it crashes.
> > > > > > 
> > > > > > I tried to set the homes using File explorer, going to   
> > > the shared  
> > > > > > resources and creating the home directory but I 
> receive that I
> > > > > > haven't permission to create a folder
> > > > > > under /home/win_shares/users.
> > > > > > 
> > > > > > Before I added my account to Unix Admins and Domain Admins. 
> > > > > > 
> > > > > > I set log level to 10 but I'm unable to see if 
> there is issues
> > > > > > scrolling thousand of lines.
> > > > > > 
> > > > > > I don't know what fish to catch anymore :-((
> > > > > >       
> > > > > 
> > > > > In the windows log events I've the following error:
> > > > > the processing of Group Policy failed. Windows could not   
> > > resolve the  
> > > > > user name. This could be caused by one of more of the
> > > > > following : a) Name Resolution failure on the current domain
> > > > > controller b) Active Directory Replication Latency
> > > > > 
> > > > >     
> > > > 
> > > > 
> > > > No ideas?
> > > > 
> > > > 
> > > >   
> > > 
> > > At the end I'll to abandon samba :-((
> > > I'm really sad
> > > 
> > > -- 
> > > -----------------------------------------------------------
> > >   Enrico Morelli
> > >   System Administrator | Programmer | Web Developer
> > > 
> > >   CERM - Polo Scientifico
> > >   via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
> > > ------------------------------------------------------------
> > > 
> > > -- 
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > > 
> > >   
> > 
> > 
> 
> 
> 
> -- 
> -----------------------------------------------------------
>   Enrico Morelli
>   System Administrator | Programmer | Web Developer
> 
>   CERM - Polo Scientifico
>   via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
> ------------------------------------------------------------
> 
> 




More information about the samba mailing list