I've inherited a small office network I didn't build. We're running
Novell's eDirectory, and using Samba as a PDC.
Everyone's profile roams but mine.
I didn't build our smb.conf file, but I've read tutorials on roaming
profiles, and it seems to be set up correctly. I've included the text
of that file at the end of this message.
I bungled creating my account in eDirectory, deleted it, and recreated
it with the same name. In particular, I didn't have the profile
directory set up properly the first time I tried to login. I don't
know if that could have caused problems. My account seems to be set
up like the older ones now.
Also, logon.bat doesn't seem to run for me. I end up with the X:
drive mapped, but logon.bat sets up other shares for every other user
that I don't get. I see a command prompt window flash by on the
screen when I start, but it doesn't work. I tried to put a "pause" in
logon.bat, to stop the command prompt, but it flashed by just the
same.
I'm really puzzled by this. Everything I've read suggests that the
action happens in smb.conf, which doesn't differentiate between users
-- so I don't understand how I could manage to break it for one
account.
Anyway, here is my smb.conf -- we had a lot of comments from the
example file, which I've removed for brevity.
Thanks in advance.
--
#=== Global Settings =
[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = DOMINION
netbios name = MAXIMUS
server string = EnsembleTravel FileServer
security = user
hosts allow = 192.168.128. 192.168.60. 127.
printing = cups
printcap name = cups
load printers = yes
log file = /usr/local/samba/var/log.%m
max log size = 500
interfaces = 192.168.128.0/24
local master = yes
os level = 33
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
nt acl support = yes
time server = yes
encrypt passwords = yes
obey pam restrictions = No
unix password sync = No
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
log level = 0
###
# this is for roaming profiles
###
logon path = \\%L\profiles\%U
###
logon script = logon.bat
logon drive = X:
passdb backend = NDS_ldapsam:ldap://mailserver.ensembletravel.net
ldap admin dn = cn=admin,ou=users,o=EnsembleTravel
ldap suffix = o=EnsembleTravel
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
# Share Definitions ==
[netlogon]
path = /usr/local/samba/netlogon
browseable = No
read only = Yes
[profiles]
path = /data/profiles
writeable = Yes
read only = No
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = Yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"
[homes]
comment = Home directory for %U
writeable = Yes
read only = No
browseable = No
create mask = 0700
directory mask = 0700
force directory mode = 0700
[printers]
comment = Printers
printable = Yes
path = /usr/local/samba/spool
browseable = Yes
guest ok = Yes
public = Yes
read only = Yes
writable = No
[print$]
path = /usr/local/samba/drivers
guest ok =Yes
browseable = Yes
read only = No
valid users = @"Domain Users"
write list = @"Domain Admins"
[public]
comment = Public directory
path = /data/common
public = yes
browseable = yes
guest ok = Yes
read only = No
[sales]
comment = Sales
path = /data/sales
browseable = Yes
guest ok = Yes
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
[apps]
comment = APPS
path = /data/apps
browseable = Yes
guest ok