On Tuesday 30 August 2005 16:40, [EMAIL PROTECTED] wrote:
> I'm trying to set up for my small school lab: Samba as PDC, 11
> workstations running XP Pro, roaming profiles with folder redirection.
>
> (I finally got the workstations to join the domain by adding them by
> hand--so I assume something is wrong with my add machine script, but
> I'll address that issue later, since I have only the 11 XP boxes to deal
> with.)
>
> Now I'm working on getting the user profiles to work, based on TOSHARG
> chapter 23 plus Practical Exercises. But I'm not being successful, and
> I'd appreciate some help:

I suggest you follow the examples in the book "Samba-3 By Example".
The current version is available on-line at:
http://www.samba.org/samba/docs/Samba3-ByExample.pdf

The examples are all from working networks.

>
> My understanding is that when a user logs onto the domain for the first
> time, Windows should copy the default profile from the NETLOGON share on
> the Samba machine.

Correct.

>
> (If this understanding is erroneous, please explain wherein I've
> misunderstood.)
>
> I have added the Samba user "tobedeleted", and put an ntuser.dat file
> for a default user in the /var/lib/samba/netlogon directory, which is
> the path I specified in the [netlogon] share, but Windows gives an error
> to the effect that the user's profile can't be found on the server, and
> that it will therefore create a local profile.
>
> Here's the relevant section of the samba log file for that machine:
>
> [2005/08/30 13:39:43, 0] lib/util_sock.c:write_socket_data(430)
>    write_socket_data: write failure. Error = Connection reset by peer
> [2005/08/30 13:39:43, 0] lib/util_sock.c:write_socket(455)
>    write_socket: Error writing 4 bytes to socket 25: ERRNO = Connection
> reset by peer
> [2005/08/30 13:39:43, 0] lib/util_sock.c:send_smb(647)
>    Error writing 4 bytes to client. -1. (Connection reset by peer)
> [2005/08/30 13:39:55, 0] smbd/service.c:make_connection(794)
>    hephaistos (192.168.1.105) couldn't find service var
                                              ^^^^^^^^^^^^^^^^^^^
See below why this error is logged!

> [2005/08/30 13:40:14, 1] smbd/service.c:make_connection_snum(642)
>    hephaistos (192.168.1.105) connect to service netlogon initially as
> user tobedeleted (uid=501, gid=501) (pid 14621)
> [2005/08/30 13:40:15, 0] smbd/service.c:make_connection(794)
>    hephaistos (192.168.1.105) couldn't find service var
> [2005/08/30 13:40:20, 1] smbd/service.c:close_cnum(830)
>    hephaistos (192.168.1.105) closed connection to service netlogon
> [2005/08/30 13:40:21, 0] smbd/service.c:make_connection(794)
>    hephaistos (192.168.1.105) couldn't find service var
> [2005/08/30 13:40:51, 0] smbd/service.c:make_connection(794)
>    hephaistos (192.168.1.105) couldn't find service var
>
> And here is the corresponding section of the smbd log file:
>
> [2005/08/30 13:39:43, 0] lib/util_sock.c:get_peer_addr(1150)
>    getpeername failed. Error was Transport endpoint is not connected
>
> I'm puzzled by the "couldn't find service var" message. Is "var"
> supposed to be a service? I thought it was a directory.
>
> I have also copied below my smb.conf file in case it helps someone point
> out my errors:
>
> [global]
>       dos charset = CP850
>       unix charset = UTF-8
>       display charset = LOCALE
>       workgroup = HELLAS
>       realm =
>       netbios name = ZEUS
>       netbios aliases =
>       netbios scope =
>       server string = Samba Server PDC
>       interfaces = eth0, lo
>       bind interfaces only = No
>       security = USER
>       auth methods =
>       encrypt passwords = Yes
>       update encrypted = No
>       client schannel = Auto
>       server schannel = Auto
>       allow trusted domains = Yes
>       hosts equiv =
>       min password length = 5
>       map to guest = Never
>       null passwords = No
>       obey pam restrictions = No
>       password server = *
>       smb passwd file = /etc/samba/smbpasswd
>       private dir = /etc/samba
>       passdb backend = smbpasswd

You really should use either tdbsam or ldapsam. smbpasswd does not store the 
complete set of NT4 account attributes.

>       algorithmic rid base = 1000
>       root directory =
>       guest account = nobody
>       enable privileges = No
>       pam password change = No
>       passwd program =
>       passwd chat = *new*password* %n\n *new*password* %n\n *changed*
>       passwd chat debug = No
>       passwd chat timeout = 2
>       check password script =
>       username map = /etc/samba/smbusers
>       password level = 0
>       username level = 0
>       unix password sync = No
>       restrict anonymous = 0
>       lanman auth = Yes
>       ntlm auth = Yes
>       client NTLMv2 auth = No
>       client lanman auth = Yes
>       client plaintext auth = Yes
>       preload modules =
>       use kerberos keytab = No
>       log level = 0
>       syslog = 1
>       syslog only = No
>       log file = /var/log/samba/%m.log
>       max log size = 50
>       debug timestamp = Yes
>       debug hires timestamp = No
>       debug pid = No
>       debug uid = No
>       smb ports = 445 139

Change to:

        smb ports = 139

>       large readwrite = Yes
>       max protocol = NT1
>       min protocol = CORE
>       read bmpx = No
>       read raw = Yes
>       write raw = Yes
>       disable netbios = No
>       acl compatibility =
>       defer sharing violations = Yes
>       nt pipe support = Yes
>       nt status support = Yes
>       announce version = 4.9
>       announce as = NT
>       max mux = 50
>       max xmit = 16644
>       name resolve order = wins lmhosts host bcast
>       max ttl = 259200
>       max wins ttl = 518400
>       min wins ttl = 21600
>       time server = No
>       unix extensions = Yes
>       use spnego = Yes
>       client signing = auto
>       server signing = No
>       client use spnego = Yes
>       change notify timeout = 60
>       deadtime = 0
>       getwd cache = Yes
>       keepalive = 300
>       kernel change notify = Yes
>       lpq cache time = 30
>       max smbd processes = 0
>       paranoid server security = Yes
>       max disk size = 0
>       max open files = 10000
>       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>       use mmap = Yes
>       hostname lookups = No
>       name cache timeout = 660
>       load printers = Yes
>       printcap cache time = 0
>       printcap name = /etc/printcap
>       cups server =
>       disable spoolss = No
>       enumports command =
>       addprinter command =
>       deleteprinter command =
>       show add printer wizard = Yes
>       os2 driver map =
>       mangling method = hash2
>       mangle prefix = 1
>       stat cache = Yes
>       machine password timeout = 604800
>       add user script = /usr/sbin/useradd -m %u
>       delete user script = /usr/sbin/userdel -r %u
>       add group script = /usr/sbin/groupadd %g
>       delete group script = /usr/sbin/groupdel %g
>       add user to group script = /usr/sbin/usermod -G %g %u
>       delete user from group script =
>       set primary group script =
>       add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
>       shutdown script =
>       abort shutdown script =
>       logon script =
>       logon path = \\%N\var\lib\samba\profiles\%U

No! No!

        logon path = \\%L\profiles\%U


>       logon drive =
>       logon home = \\%N\var\lib\samba\profdata\%U

No! No!

        logon home = \\%L\profdata\%U

>       domain logons = Yes
>       os level = 64
>       lm announce = Auto
>       lm interval = 60
>       preferred master = Yes
>       local master = Yes
>       domain master = Yes
>       browse list = Yes
>       enhanced browsing = Yes
>       dns proxy = No
>       wins proxy = No
>       wins server =
>       wins support = Yes
>       wins hook =
>       wins partners =
>       kernel oplocks = Yes
>       lock spin count = 3
>       lock spin time = 10
>       oplock break wait time = 0
>       ldap admin dn =
>       ldap delete dn = No
>       ldap filter = (uid=%u)
>       ldap group suffix =
>       ldap idmap suffix =
>       ldap machine suffix =
>       ldap passwd sync = no
>       ldap replication sleep = 1000
>       ldap suffix =
>       ldap ssl = no
>       ldap timeout = 15
>       ldap user suffix =
>       add share command =
>       change share command =
>       delete share command =
>       config file =
>       preload =
>       lock directory = /var/cache/samba
>       pid directory = /var/run
>       utmp directory =
>       wtmp directory =
>       utmp = No
>       default service =
>       message command =
>       dfree command =
>       get quota command =
>       set quota command =
>       remote announce =
>       remote browse sync =
>       socket address = 0.0.0.0
>       homedir map = auto.home
>       afs username map =
>       afs token lifetime = 604800
>       log nt token command =
>       time offset = 0
>       NIS homedir = No
>       panic action =
>       host msdfs = No
>       enable rid algorithm = Yes
>       idmap backend =
>       idmap uid = 16777216-33554431
>       idmap gid = 16777216-33554431
>       template primary group = nobody
>       template homedir = /var/lib/samba/profdata/%D/%U
>       template shell = /bin/false
>       winbind separator = \
>       winbind cache time = 300
>       winbind enable local accounts = No
>       winbind enum users = Yes
>       winbind enum groups = Yes
>       winbind use default domain = No
>       winbind trusted domains only = No
>       winbind nested groups = No
>       comment =
>       path =
>       username =
>       invalid users =
>       valid users =
>       admin users = chaos
>       read list =
>       write list =
>       printer admin =
>       force user =
>       force group =
>       read only = Yes
>       create mask = 0744
>       force create mode = 00
>       security mask = 0777
>       force security mode = 00
>       directory mask = 0755
>       force directory mode = 00
>       directory security mask = 0777
>       force directory security mode = 00
>       force unknown acl user = No
>       inherit permissions = No
>       inherit acls = No
>       guest only = No
>       guest ok = Yes
>       only user = No
>       hosts allow =
>       hosts deny =
>       allocation roundup size = 1048576
>       ea support = No
>       nt acl support = Yes
>       profile acls = No
>       map acl inherit = No
>       afs share = No
>       block size = 1024
>       max connections = 0
>       min print space = 0
>       strict allocate = No
>       strict sync = No
>       sync always = No
>       use sendfile = No
>       write cache size = 0
>       max reported print jobs = 0
>       max print jobs = 1000
>       printable = No
>       printing = cups
>       cups options = raw
>       print command =
>       lpq command = %p
>       lprm command =
>       lppause command =
>       lpresume command =
>       queuepause command =
>       queueresume command =
>       printer name =
>       use client driver = No
>       default devmode = No
>       force printername = No
>       default case = lower
>       case sensitive = Auto
>       preserve case = Yes
>       short preserve case = Yes
>       mangling char = ~
>       hide dot files = Yes
>       hide special files = No
>       hide unreadable = No
>       hide unwriteable files = No
>       delete veto files = No
>       veto files =
>       hide files =
>       veto oplock files =
>       map system = No
>       map hidden = No
>       map archive = Yes
>       mangled names = Yes
>       mangled map =
>       store dos attributes = No
>       browseable = Yes
>       blocking locks = Yes
>       csc policy = manual
>       fake oplocks = No
>       locking = Yes
>       oplocks = Yes
>       level2 oplocks = Yes
>       oplock contention limit = 2
>       posix locking = Yes
>       strict locking = Yes
>       share modes = Yes
>       copy =
>       include =
>       preexec =
>       preexec close = No
>       postexec =
>       root preexec =
>       root preexec close = No
>       root postexec =
>       available = Yes
>       volume =
>       fstype = NTFS
>       set directory = No
>       wide links = Yes
>       follow symlinks = Yes
>       dont descend =
>       magic script =
>       magic output =
>       delete readonly = No
>       dos filemode = No
>       dos filetimes = Yes
>       dos filetime resolution = No
>       fake directory create times = No
>       vfs objects =
>       msdfs root = No
>       msdfs proxy =
>
> [homes]
>       comment = Home Directories
>       path = //%N/var/lib/samba/profdata/%U
>       read only = No
>       browseable = No
>
> [printers]
>       comment = All Printers
>       path = /var/spool/samba
>       printable = Yes
>       browseable = No
>
> [chaos]
>       path = /home/chaos
>       valid users = chaos
>       read only = No
>
> [netlogon]
>       path = /var/lib/samba/netlogon
>       write list = @admins
>
> [profiles]
>       path = /var/lib/samba/profiles
>       read only = No
>       create mask = 0600
>       directory mask = 0700


[profdata]
        path = /var/lib/samba/profdata
        read only = no


Please look over the examples in "Samba-3 By Example" Chapters 3-5. If it is 
not clear, contact me off-line.
 
- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
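To make the diagnosis in the reply above concrete, here is an added checker. It is my own example, not code from the original post, from John Terpstra, or from the Samba project. It reads an smb.conf fragment, takes the share name a Windows client will request from the UNC in "logon path" and "logon home" (the component right after \\server), and reports when that share is not defined in the file, which is exactly what makes smbd log "couldn't find service var" for a path of the form \\%N\var\lib\samba\profiles\%U. It also flags the two other settings the reply corrects (passdb backend = smbpasswd and smb ports containing 445). The two embedded configurations are constructed excerpts modelled on the posted one and on the corrections in the reply; the parser is a deliberately minimal one of my own, not Samba's, and ignores includes and %-macro expansion.

```python
"""Audit smb.conf logon UNCs and a few PDC settings (added example, not Samba code)."""
import re
from typing import Dict, List, Optional

# Constructed excerpt modelled on the configuration posted in the question.
BROKEN_SMB_CONF = r"""
[global]
    netbios name = ZEUS
    passdb backend = smbpasswd
    smb ports = 445 139
    logon path = \\%N\var\lib\samba\profiles\%U
    logon home = \\%N\var\lib\samba\profdata\%U

[netlogon]
    path = /var/lib/samba/netlogon
    write list = @admins

[profiles]
    path = /var/lib/samba/profiles
    read only = No
"""

# Constructed excerpt following the corrections given in the reply.
FIXED_SMB_CONF = r"""
[global]
    netbios name = ZEUS
    passdb backend = tdbsam
    smb ports = 139
    logon path = \\%L\profiles\%U
    logon home = \\%L\profdata\%U

[netlogon]
    path = /var/lib/samba/netlogon
    write list = @admins

[profiles]
    path = /var/lib/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700

[profdata]
    path = /var/lib/samba/profdata
    read only = No
"""


def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser: {section (lower-cased): {key (lower-cased): value}}. Skips comments."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def share_from_unc(unc: str) -> Optional[str]:
    """Return the share component of \\\\server\\share\\rest, or None if not a UNC."""
    parts = unc.replace("/", "\\").split("\\")
    # "\\\\server\\share\\..." splits into ['', '', 'server', 'share', ...]
    if len(parts) < 4 or parts[0] or parts[1]:
        return None
    return parts[3]


def audit(text: str) -> List[str]:
    """Return human-readable findings for the settings the reply corrects."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    findings: List[str] = []
    if g.get("passdb backend", "").lower().startswith("smbpasswd"):
        findings.append("passdb backend: smbpasswd lacks the full NT4 account attributes; use tdbsam or ldapsam")
    if "445" in g.get("smb ports", "").split():
        findings.append("smb ports: reply advises 'smb ports = 139' for this PDC")
    for key in ("logon path", "logon home"):
        value = g.get(key)
        if not value:
            continue
        share = share_from_unc(value)
        if share is None:
            findings.append(f"{key}: '{value}' is not a \\\\server\\share UNC")
            continue
        # A bare \\server\%U resolves through [homes]; anything else must be a real share.
        home_ok = share == "%U" and "homes" in conf
        if share.lower() not in conf and not home_ok:
            findings.append(f"{key}: client will request share '{share}', which is not defined "
                            f"(smbd logs \"couldn't find service {share}\")")
    return findings


if __name__ == "__main__":
    for name, text in (("posted", BROKEN_SMB_CONF), ("corrected", FIXED_SMB_CONF)):
        print(f"{name}: {audit(text) or 'no findings'}")
```

Run it as-is to see the four findings for the posted excerpt and none for the corrected one; point audit() at the text of a real smb.conf (testparm -s output works, since it prints one key per line) to repeat the check on another server.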
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba