On 2-8-2010 21:26, David N wrote:
On 2 August 2010 21:32, Alex de Kruijff<al...@specialisterren.nl> wrote:
Hi,
I've set up an LDAP backend Samba PDC. I can gain access to shares and
log in with a user that is in LDAP, but have a problem setting up the
roaming profile stuff. I've been trying to solve this problem for some
time now, and have tried everything I could think of, but without much
luck. I keep getting the following error messages:
"Windows cannot locate the server copy of your roaming profile and is
attempting to log you on with your local profile. Changes to the profile
will not be copied to the server when you logoff. Plausible causes of
this error include network problem or insufficient security rights. If
this problem persists, contact your network administrators. DETAILS -
The network path was not found."
Followed by:
"Windows cannot find the local profile and is logging on with a tempory
profiles. Changes to this profile will be lost when you logoff."
Here is my smb.conf:
[global]
security = user
name resolve order = wins lmhosts hosts bcast
deadtime = 15
map to guest = Never
csc policy = disable
hosts allow = 127. 192.168.
server string =
workgroup = Nieuwegein
time server = yes
wins support = yes
domain master = yes
domain logons = yes
encrypt passwords = yes
local master = yes
logon drive = Z:
logon path = \\%L\profiles\%U
preferred master = yes
os level = 255
encrypt passwords = yes
passdb backend = ldapsam:ldap://localhost/
enable privileges = Yes
pam password change = yes
passwd program = /usr/local/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
unix password sync = Yes
ldap delete dn = Yes
ldap ssl = Off
ldap passwd sync = Yes
ldap admin dn = cn=admin,dc=specialisterren,dc=nl
ldap suffix = dc=specialisterren,dc=nl
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
idmap backend = ldap:ldap://localhost
idmap uid = 10000-20000
idmap gid = 10000-20000
add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
template homedir = /home/%U
template shell = /bin/csh
getwd cache = yes
socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=819
use sendfile = yes
mangle prefix = 6 # How to mangle Long Filenames in to 8.3 DOS
log level = 1
log file = /var/log/samba/log.%m
max log size = 50
syslog = 0
[template]
# edited out, has no path
[homes]
comment = Home users
inherit owner = yes
dos filemode = yes
writable = yes
read list = @wheel @"Domain Admins"
valid users = "%S"
create mask = 0740
directory mask = 0750
aio read size = 16384
[netlogon]
comment = Network Logon Service
path = /disk/netlogon
browseable = no
read only = yes
aio read size = 16384
[profiles]
comment = Roaming Profiles Directory
path = /disk/profiles
administrative share = true
browseable = no
writable = yes
create mask = 0600
directory mask = 0700
aio read size = 16384
public = yes
# The root preexec command performs:
# mkdir -pm 750 /disk/profiles/%U-%a; chown %U /disk/profiles/%U-%a
# I started off without this.
root preexec = /root/sbin/profiles.sh %U %a
# edited out other shares
ldapsearch gives me:
# tester, Users, specialisterren.nl
dn: uid=tester,ou=Users,dc=specialisterren,dc=nl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: tester
sn: tester
givenName: tester
uid: tester
uidNumber: 10005
gidNumber: 513
homeDirectory: /home/tester
loginShell: /bin/sh
gecos: Tes ter
sambaLogonTime: 0
(Edited out the other stuff)
I can access \\Server\profiles, \\Server\netlogon using my tester
account. /etc/passwd contains no line with the user tester. And I can
log in under SSH with the tester account.
ll -d /disk/{netlogon,profiles} gives me:
drwxr-xr-x 2 root wheel 512 Mar 16 11:09 /disk/netlogon/
drwxrwxrwt 2 root wheel 512 Aug 2 12:41 /disk/profiles/
Alex
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Have you installed /usr/ports/net/smbldap-tools/? Although you don't
need it, it helps when creating users.
Do you have sambaProfilePath in your ldap?
Regards
Hi David.
Yes, I've populated the LDAP with smbldap-populate -u 10000 -g 10000 -r
0000. I did notice various entries with out-of-range uid and gid numbers.
nobody (uid 999 gid 514), domain admins (gid 512), domain users (gid
513), domain computers (gid 515), Administrator (gid 544), Account
Operators (gid 548), Print Operators (gid 550), Backup Operators (gid
551), Replicators (gid 552).
> # pkg_info | grep ldap
> nss_ldap-1.264_3 RFC 2307 NSS module
> openldap-client-2.4.18 Open source LDAP client implementation
> openldap-server-2.4.18_1 Open source LDAP server implementation
> p5-perl-ldap-0.39 A Client interface to LDAP (includes Net::LDAP)
> pam_ldap-1.8.4_1 A pam module for authenticating with LDAP
> php5-ldap-5.2.11 The ldap shared extension for php
> phpldapadmin-1.2.0.3,1 A set of PHP-scripts to administer LDAP over the web
> smbldap-tools-0.9.5 Samba-LDAP management and support tools
> # pkg_info | grep samba
> samba-3.3.8 A free SMB and CIFS client and server for UNIX
> samba-libsmbclient-3.0.37 Shared libs from the samba package
I see I left out half of the tester entry from ldap:
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> displayName: tester
> sambaSID: S-1-5-21-914212253-3526360373-1445599473-21010
> sambaPrimaryGroupSID: S-1-5-21-914212253-3526360373-1445599473-513
> sambaProfilePath: \\%L\profiles\tester
> sambaHomePath: \\%L\homes\%u
> sambaHomeDrive: Z:
> sambaNTPassword: 588FEB889288FB953B5F094D47D1565C
> sambaPwdMustChange: 1284288886
> shadowLastChange: 14819
> shadowMax: 45
> sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
> sambaPwdLastSet: 1280752203
> sambaAcctFlags: [U ]
> userPassword:: e1NTSEF9dUMzUFFUcFEzNE5CT0ZCb1hZVytXTHROUEpEU2FpeHc=
Also I'm getting these error messages:
> # cat /var/log/samba/log.wb-NIEUWEGEIN
> [2010/08/03 10:46:11, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(755)
> cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host SERVER, pipe \lsarpc, fnum 0x7779!
> # cat /var/log/samba/log.winbindd
> [2010/08/03 10:45:39, 0] winbindd/winbindd.c:main(1126)
> winbindd version 3.3.8 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2009
> [2010/08/03 10:45:39, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2577)
> initialize_winbindd_cache: clearing cache and re-creating with version number 1
> [2010/08/03 10:46:11, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(755)
> cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host SERVER, pipe \lsarpc, fnum 0x777a!
> # cat /var/log/samba/log.winbindd-idmap
> [2010/08/03 10:45:39, 1] winbindd/idmap.c:idmap_init_passdb_domain(438)
> Could not init passdb idmap domain
> [2010/08/03 10:45:39, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
> idmap_alloc module ldap already registered!
> [2010/08/03 10:45:39, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
> idmap_alloc module tdb already registered!
> [2010/08/03 10:45:39, 0] winbindd/idmap.c:smb_register_idmap(149)
> Idmap module passdb already registered!
> [2010/08/03 10:45:39, 0] winbindd/idmap.c:smb_register_idmap(149)
> Idmap module nss already registered!
> [2010/08/03 10:45:39, 0] winbindd/idmap_ldap.c:idmap_ldap_set_mapping(1449)
> ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 11109 mapping [gidNumber]
> [2010/08/03 10:45:39, 0] winbindd/idmap_ldap.c:idmap_ldap_set_mapping(1451)
> ldap_set_mapping_internals: Error was: (NULL) (Already exists)
> [2010/08/03 10:46:14, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(755)
> cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host SERVER, pipe \lsarpc, fnum 0x7779!
Alex
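
Added example (not part of the original thread, and not the poster's actual profiles.sh, which is not shown): one way to write the root preexec helper described in the [profiles] comment so that the client-supplied %U and %a values are validated before root runs mkdir and chown on them. The function names and the allowed character sets are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's script. Intended to be called by Samba as:
#   root preexec = /root/sbin/profiles.sh %U %a
# %U and %a originate from the connecting client, so both are checked
# before root creates or chowns anything.

# /disk/profiles is the [profiles] path from the post; overridable for testing.
PROFILE_ROOT="${PROFILE_ROOT:-/disk/profiles}"

# Assumed policy: plain account names only (no '/', no leading '.' or '-').
valid_user() {
    case "$1" in
        ''|-*|.*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Assumed policy: architecture token is a short alphanumeric word (e.g. WinXP).
valid_arch() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

# Print the directory for user/arch, or fail if either argument is unsafe.
profile_dir() {
    valid_user "$1" || return 1
    valid_arch "$2" || return 1
    printf '%s/%s-%s\n' "$PROFILE_ROOT" "$1" "$2"
}

make_profile_dir() {
    dir=$(profile_dir "$1" "$2") || { echo "profiles.sh: rejected arguments" >&2; return 1; }
    # Never follow a symlink planted inside the world-writable share root.
    if [ -L "$dir" ]; then
        echo "profiles.sh: $dir is a symlink, refusing" >&2
        return 1
    fi
    mkdir -p -m 750 -- "$dir" && chown -- "$1" "$dir"
}

# Run only when called with arguments, so the functions can also be sourced.
[ "$#" -eq 0 ] || make_profile_dir "$@"
```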