On 2 August 2010 21:32, Alex de Kruijff <al...@specialisterren.nl> wrote:
> Hi,
>
> I've set up an LDAP backend Samba PDC. I can gain access to shares and
> login with a user that is in LDAP, but have a problem setting up the
> roaming profile stuff. I've been trying to solve this problem for some
> time now, and have tried everything I could think of, but without much
> luck. I keep getting the following error messages:
>
> "Windows cannot locate the server copy of your roaming profile and is
> attempting to log you on with your local profile. Changes to the profile
> will not be copied to the server when you logoff. Plausible causes of
> this error include network problem or insufficient security rights. If
> this problem persists, contact your network administrators. DETAILS -
> The network path was not found."
>
> Followed by:
>
> "Windows cannot find the local profile and is logging on with a temporary
> profile. Changes to this profile will be lost when you logoff."
>
> Here is my smb.conf:
>
>> [global]
>>     security = user
>>     name resolve order = wins lmhosts hosts bcast
>>     deadtime = 15
>>     map to guest = Never
>>     csc policy = disable
>>     hosts allow = 127. 192.168.
>>     server string =
>>     workgroup = Nieuwegein
>>     time server = yes
>>     wins support = yes
>>     domain master = yes
>>     domain logons = yes
>>    encrypt passwords = yes
>>     local master = yes
>>     logon drive = Z:
>>     logon path = \\%L\profiles\%U
>>     preferred master = yes
>>     os level = 255
>>     encrypt passwords = yes
>>     passdb backend = ldapsam:ldap://localhost/
>>     enable privileges = Yes
>>     pam password change = yes
>>     passwd program = /usr/local/sbin/smbldap-passwd %u
>>     passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
>>     unix password sync = Yes
>>     ldap delete dn = Yes
>>     ldap ssl = Off
>>     ldap passwd sync = Yes
>>     ldap admin dn = cn=admin,dc=specialisterren,dc=nl
>>     ldap suffix = dc=specialisterren,dc=nl
>>     ldap group suffix = ou=Groups
>>     ldap idmap suffix = ou=Users
>>     ldap machine suffix = ou=Computers
>>     ldap user suffix = ou=Users
>>     idmap backend = ldap:ldap://localhost
>>     idmap uid = 10000-20000
>>     idmap gid = 10000-20000
>>     add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
>>     delete user script = /usr/local/sbin/smbldap-userdel "%u"
>>     add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>>     delete group script = /usr/local/sbin/smbldap-groupdel "%g"
>>     add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>>     delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
>>    set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
>>     add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>>    template homedir = /home/%U
>>     template shell = /bin/csh
>>    getwd cache = yes
>>    socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=819
>>    use sendfile = yes
>>    mangle prefix = 6 # How to mangle Long Filenames in to 8.3 DOS
>>    log level = 1
>>    log file = /var/log/samba/log.%m
>>    max log size = 50
>>     syslog = 0
>>
>>  [template]
>>  # edited out, has no path
>>
>>  [homes]
>>    comment = Home users
>>    inherit owner = yes
>>    dos filemode = yes
>>    writable = yes
>>    read list = @wheel @"Domain Admins"
>>    valid users = "%S"
>>     create mask = 0740
>>     directory mask = 0750
>>     aio read size = 16384
>>
>>  [netlogon]
>>     comment = Network Logon Service
>>     path = /disk/netlogon
>>     browseable = no
>>     read only = yes
>>     aio read size = 16384
>>
>>  [profiles]
>>     comment = Roaming Profiles Directory
>>     path = /disk/profiles
>>     administrative share = true
>>     browseable = no
>>    writable = yes
>>     create mask = 0600
>>     directory mask = 0700
>>     aio read size = 16384
>>     public = yes
>>     # The root preexec command performs:
>>    # mkdir -pm 750 /disk/profiles/%U-%a; chown %U /disk/profiles/%U-%a
>>     # I started off without this.
>>     root preexec = /root/sbin/profiles.sh %U %a
>>
>> # edited out other shares
>
> ldapsearch gives me:
>>
>>  # tester, Users, specialisterren.nl
>>  dn: uid=tester,ou=Users,dc=specialisterren,dc=nl
>>  objectClass: top
>>  objectClass: person
>>  objectClass: organizationalPerson
>>  objectClass: inetOrgPerson
>>  objectClass: posixAccount
>>  objectClass: shadowAccount
>>  objectClass: sambaSamAccount
>>  cn: tester
>>  sn: tester
>>  givenName: tester
>>  uid: tester
>>  uidNumber: 10005
>>  gidNumber: 513
>>  homeDirectory: /home/tester
>>  loginShell: /bin/sh
>>  gecos: Tes ter
>>  sambaLogonTime: 0
>
> (Edited out the other stuff)
>
> I can access \\Server\profiles, \\Server\netlogon using my tester
> account. /etc/passwd contains no line with the user tester. And I can
> login under SSH with the tester account.
>
> ll -d /disk/{netlogon,profiles} gives me:
> drwxr-xr-x  2 root  wheel  512 Mar 16 11:09 /disk/netlogon/
> drwxrwxrwt  2 root  wheel  512 Aug  2 12:41 /disk/profiles/
>
> Alex
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
>

Have you installed /usr/ports/net/smbldap-tools/? Although you don't
need it, it helps when creating users.

Do you have sambaProfilePath in your LDAP?

Regards
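
One way to answer the sambaProfilePath question offline, as an added example that is not part of the original thread: it reads an LDIF entry, works out which profile path the client would be handed (the per-user attribute if present, otherwise the smb.conf `logon path`), and compares the resulting directory with the one the `root preexec` comment says it creates. The server name `SERVER` and client architecture `WinXP` are assumed sample values, and the LDIF is an abbreviated copy of the posted entry.

```python
# Values copied from the smb.conf and ldapsearch output quoted above.
LOGON_PATH = r"\\%L\profiles\%U"
SHARES = {"profiles": "/disk/profiles", "netlogon": "/disk/netlogon"}
PREEXEC_DIR = "/disk/profiles/%U-%a"   # from the root preexec comment
LDIF = """\
dn: uid=tester,ou=Users,dc=specialisterren,dc=nl
objectClass: sambaSamAccount
uid: tester
sambaLogonTime: 0
"""

def parse_ldif(text):
    """Return {attribute: [values]} for one unfolded LDIF entry."""
    entry = {}
    for line in text.splitlines():
        if line and not line.startswith("#") and ": " in line:
            key, value = line.split(": ", 1)
            entry.setdefault(key, []).append(value)
    return entry

def expand(template, user, server, arch):
    """Expand the %L, %U and %a substitutions used on this page."""
    return template.replace("%L", server).replace("%U", user).replace("%a", arch)

def check_profile(ldif, server, arch):
    entry = parse_ldif(ldif)
    user = entry["uid"][0]
    # A per-user sambaProfilePath takes precedence over the smb.conf default;
    # expanding a literal path with no % macros leaves it unchanged.
    from_ldap = "sambaProfilePath" in entry
    unc = entry["sambaProfilePath"][0] if from_ldap else LOGON_PATH
    unc = expand(unc, user, server, arch)
    host, share, *rest = unc.lstrip("\\").split("\\")
    on_disk = "/".join([SHARES.get(share.lower(), "<unknown share>")] + rest)
    created = expand(PREEXEC_DIR, user, server, arch)
    return {"source": "ldap" if from_ldap else "smb.conf", "unc": unc,
            "host": host, "on_disk": on_disk, "preexec_creates": created,
            "match": on_disk == created}

if __name__ == "__main__":
    # SERVER and WinXP are assumed sample values, not taken from the thread.
    for key, value in check_profile(LDIF, "SERVER", "WinXP").items():
        print(f"{key:16} {value}")
```

The `host` field is the name the Windows client has to resolve before it can reach the share at all, so it is worth checking alongside the directory comparison.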