[Samba] Roaming profiles won't roam via how-to
Hey folks,

I've been testing Samba 4 with some Windows 7 virtual machines and the Active Directory how-to instructions here: http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO. As far as I can tell, the instructions work exactly as described, except when it comes to roaming profiles. When I attempt to use those, the user can log in but gets a message warning that Windows could not load their profile, and will use a temporary local one. The user sub-directories are not created automatically, and creating them manually has no effect, nor do the event logs appear to have further information.

My best guess is that there is something more to do with permissions or the ACLs, but I haven't been able to pin it down. Regardless, either I or the documentation are missing something.

Has anyone gotten this to work with just the how-to? Any ideas as to what I might have overlooked?

Thank you,
--
Pablo Virgo
System Administrator
Solutions for Progress, Inc.
728 South Broad Street
Philadelphia, PA 19146
Phone: 215-701-8075
Fax: 215-972-8109

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Roaming Profiles Issues
I have a mixed environment of Windows 7 and Windows 8 PCs. I've noticed that Windows 7 handles profiles perfectly. Windows 8 on the other hand is giving me some issues. I have tried this out in two testing environments, and I'm getting the same results.

When I log into a Windows 8 computer from an account with no profile created yet, it goes about creating a profile. When I log out, it gives me a sync error. The Windows log has given me no feedback. It just mentions the error. If I then log into a Windows 7 machine with the same account, it gives me an error and creates a temporary profile.

If I did it the other way around and created the profile on Windows 7 machine first, it works absolutely perfectly. When I log into the Windows 8 Machine, it *WILL* load the profile from the server, but it will not sync the changes back up.

What's the issue with Windows 8 and roaming profiles?

Thanks
Re: [Samba] Roaming Profiles - WinXP and Win7
>> Partial folder redirection?
> Why partial? Are there folders not to redirect?

Yes, there are. Please excuse me for not dwelling further on that, but I simply don't have the time right now. My intention was to point you in that direction. There is plenty of information about that on the Internet, created by people who explain it much better than I possibly would.
Re: [Samba] Roaming Profiles - WinXP and Win7
On 15/12/12 12:14, Thierry Lacoste wrote:
>>> (...) is there a solution to this behavior.
>> Partial folder redirection?
> Why partial? Are there folders not to redirect?
>
> Regards,
> Thierry

Try doing an internet search on folder redirection, or as microsoft now call it 'User State Virtualization'

Rowland

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [Samba] Roaming Profiles - WinXP and Win7
>> (...) is there a solution to this behavior.
> Partial folder redirection?

Why partial? Are there folders not to redirect?

Regards,
Thierry
Re: [Samba] Roaming Profiles - WinXP and Win7
On 14/12/12 04:29 PM, Aaron Wood wrote:
> Hello All,
>
> Today I was able to implement Samba4 as a DC with AD in a test environment. I eventually got it all working and was able to join the domain from two different virtual machines. I was also able to set up a roaming profile share and configure a user to utilize this share.
>
> My issue is that when I first logged into the domain after setting up the roaming profiles I did so from a Windows XP machine. The user's roaming directory was correctly created and all profile data stored. However, when I logged out of the Windows XP machine and logged back in from a Windows 7 machine another (totally separate) user profile directory was created with a .V2 appended to it. The two profiles do not talk to one another and exist on their own.
>
> In my opinion this cripples the roaming profile functionality unless your entire network is made up of computers using the same OS.
>
> Is this a bug, or is there a solution to this behavior.
>
> Thanks for any insight.

You get the same problem in Linux - trying to share a home folder for an account where they are running different versions of the same window manager or different versions of Linux. The various resource files are not always compatible so you are out of luck trying to share everything.

I wouldn't even try to get it to work. Just accept that Windows 7 profiles are different from Windows XP profiles.
Re: [Samba] Roaming Profiles - WinXP and Win7
> (...) is there a solution to this behavior.

Partial folder redirection?
Re: [Samba] Roaming Profiles - WinXP and Win7
On Fri, 14 Dec 2012, Aaron Wood wrote:
> In my opinion this cripples the roaming profile functionality unless your entire network is made up of computers using the same OS.
>
> Is this a bug, or is there a solution to this behavior.

It's not a bug, and there is no solution, since it is designed that way. Windows XP and Windows 7 (and others) cannot share common profiles, even if you are fully Windows all the way.

Steve
[Samba] Roaming Profiles - WinXP and Win7
Hello All,

Today I was able to implement Samba4 as a DC with AD in a test environment. I eventually got it all working and was able to join the domain from two different virtual machines. I was also able to set up a roaming profile share and configure a user to utilize this share.

My issue is that when I first logged into the domain after setting up the roaming profiles I did so from a Windows XP machine. The user's roaming directory was correctly created and all profile data stored. However, when I logged out of the Windows XP machine and logged back in from a Windows 7 machine another (totally separate) user profile directory was created with a .V2 appended to it. The two profiles do not talk to one another and exist on their own.

In my opinion this cripples the roaming profile functionality unless your entire network is made up of computers using the same OS.

Is this a bug, or is there a solution to this behavior.

Thanks for any insight.

--
Regards,
Aaron J. Wood
Vice President & Chief of Operations
Sun Tire Services, Inc.
Re: [Samba] Roaming Profiles not working
Hi,

should be simple. Try this.

[profiles]
    path = /export/home/comput/profiles
    comment = Profiles
    read only = no
    browseable = No
    create mask = 0600
    directory mask = 0700
    guest ok = Yes
    force user = %U
    valid users = %U

AND set 777 on the /export/home/comput/profiles

Greetz,
Louis

>-Original message-
>From: tlparo...@gmail.com
>[mailto:samba-boun...@lists.samba.org] On behalf of Thiago Parolin
>Sent: Thursday 29 November 2012 14:52
>To: samba@lists.samba.org
>Subject: [Samba] Roaming Profiles not working
>
>Hi all,
>I need help to set roaming profiles in my network environment.
>I follow the samba wiki steps from here:
>https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles#Implementing_Roaming_Profiles_with_Samba
>
>The user's creation is made by Gosa software, and the settings are the same
>in smb.conf.
>If I comment all the options related with profiles in smb.conf, the home
>folder is mapped and the profile is locally created.
>
>My samba version is 3.6.6, using ldap backend...and the clients machines
>are XP and 7
>My testparm command, results in:
>
>[global]
>workgroup = VMLDAP
>server string = LDAP-SERVER
>map to guest = Bad User
>passdb backend = ldapsam:"ldap://127.0.0.1";
>syslog = 0
>log file = /var/log/samba/log.%m
>debug pid = Yes
>debug uid = Yes
>deadtime = 10
>...
>..some ldap specs
>..
>logon path = \\%L\profiles\%U\%a
>logon drive = X:
>domain logons = Yes
>os level = 64
>domain master = Yes
>utmp = Yes
>idmap config * : backend = tdb
>admin users = root
>
>[netlogon]
>path = /var/lib/samba/netlogon
>browseable = No
>
>[profiles]
>comment = Network Profiles Share
>path = /export/home/comput/profiles
>read only = No
>create mask = 0600
>directory mask = 0700
>profile acls = Yes
>browseable = No
>csc policy = disable
>
>[homes]
>comment = Home Directories
>valid users = %S
>read only = No
>create mask = 0700
>directory mask = 0700
>browseable = No
>
>--
>*Thiago Luiz Parolin*
[Samba] Roaming Profiles not working
Hi all,

I need help to set roaming profiles in my network environment.
I follow the samba wiki steps from here:
https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles#Implementing_Roaming_Profiles_with_Samba

The user's creation is made by Gosa software, and the settings are the same in smb.conf.
If I comment all the options related with profiles in smb.conf, the home folder is mapped and the profile is locally created.

My samba version is 3.6.6, using ldap backend...and the clients machines are XP and 7
My testparm command, results in:

[global]
    workgroup = VMLDAP
    server string = LDAP-SERVER
    map to guest = Bad User
    passdb backend = ldapsam:"ldap://127.0.0.1";
    syslog = 0
    log file = /var/log/samba/log.%m
    debug pid = Yes
    debug uid = Yes
    deadtime = 10
    ...
    ..some ldap specs
    ..
    logon path = \\%L\profiles\%U\%a
    logon drive = X:
    domain logons = Yes
    os level = 64
    domain master = Yes
    utmp = Yes
    idmap config * : backend = tdb
    admin users = root

[netlogon]
    path = /var/lib/samba/netlogon
    browseable = No

[profiles]
    comment = Network Profiles Share
    path = /export/home/comput/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    profile acls = Yes
    browseable = No
    csc policy = disable

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    create mask = 0700
    directory mask = 0700
    browseable = No

--
*Thiago Luiz Parolin*
Re: [Samba] Roaming Profiles under Linux clients
Hi Mario,

>> Any ideas how to implement roaming profile under Linux as the clients?
> pam_csync http://www.csync.org/ seems to be pretty close to a direct feature-equivalent for linux.

Csync indeed seems to be the closest match I found too. Unfortunately the project does not seem very lively, last release was in 2010 and the development trac interface is down... However the blog linked on the main page talked about csync recently (http://blog.cryptomilk.org/2012/03/21/synchronize-two-folders-on-a-mac-and-other-unix-systems-with-csync/) so I might still give it a try. If anyone has some experience with that, I'm interested in hearing from them, especially the bad cases scenario (two sessions open concurrently, clock skew, etc.).

> though such a thing is not always appropriate, nfs or pam_mount will be faster and easier to maintain if you don't need the clients to be able to work off-line.

In the past, I've been using nfs for home directory export but I've never been able to make file ACL working right (share ACL, defaults ACL, usmask and all). Then I switched to CIFS mounting and the ACL issue is now resolved. However when you have 40 users with badly written userland programs pounding 'round the clock on their CIFS mounted home, it gets tough for the file server. I'd prefer for that bunch of mostly useless random io to stay locally than to be transferred to the server. Roaming profile is a pain to maintain, but mounted home share are not a solution either in my use case.

note : I had some bad time with pam_mount. I would advise to use pam_script and handling the mounting in your own script, it is much more versatile and easier to debug.

Cheers,
Denis

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.57
http://www.tranquil-it-systems.fr
Re: [Samba] Roaming Profiles under Linux clients
On Sun, Oct 7, 2012 at 6:44 PM, Michael Wood wrote:
> On 6 October 2012 17:13, steve wrote:
> > On 06/10/12 11:14, Michael Wood wrote:
> >> On 5 October 2012 17:36, steve wrote:
> >>> On 05/10/12 17:21, Michael Wood wrote:
> >>>> On 5 October 2012 13:14, steve wrote:
> [...]
> >>> [...] Linux clients map whatever the [home]
> >>> share points at to the unixHomeDirectory attribute. The latter can use
> >>> either winbind or nslcd to pull the info from ldap.
> >>> Let me know if you need any more detail.
> >>
> >> That doesn't sound like a roaming profile at all.
> >
> > No it isn't. The bit before it was. I mentioned it as we set it at the same
> > time as the profile path in the directory. That's all.
>
> By "the bit before that" I assume you mean the LDAP and share changes?
> That would not magically make the client do anything. In particular
> it would not make them copy profiles to/from the server. That is why
> I was asking about configuration and software on the client and not
> the server, which you had already mentioned.
>
> Anyway, from what you and Rowland have said that is not possible with
> Linux clients. Of course roaming profiles may not be what you want
> and you could instead access everything directly over the network
> using e.g. NFS4 as you say.
>
> --
> Michael Wood

Thank you guys. You give me ideas on the alternative coz as you said it is not possible.

Suppose to be I want the a particular user account's profiles, the same regardless where he/she login on a workstations (either Windows or Linux). As far I read some articles it loads faster when you first login on a new workstation (I dunno know if it really true as of the moment). At the same time backup of files on the server side.

I use winbind and modify some configurations on the pam.d. I dunno have idea yet of Samba4 ldap. I bit confused on it, unless some will give idea on it. Do I need to setup ldap clients? and/or the correct configurations? coz in samba3 (as DC) you need it to pull out the data via TLS to make it secure.

On Mon, Oct 8, 2012 at 4:32 AM, Chris Weiss wrote:
>pam_csync http://www.csync.org/ seems to be pretty close to a direct
>feature-equivalent for linux.
>though such a thing is not always appropriate, nfs or pam_mount will
>be faster and easier to maintain if you don't need the clients to be
>able to work off-line.

I will try to use it, among those three if which is more efficient, pam_csync, nfs or pam_mount.

Thanks again for the information.
Re: [Samba] Roaming Profiles under Linux clients
On Thu, Oct 4, 2012 at 10:29 PM, Mario Codeniera wrote:
> Any ideas how to implement roaming profile under Linux as the clients?

pam_csync http://www.csync.org/ seems to be pretty close to a direct feature-equivalent for linux.

though such a thing is not always appropriate, nfs or pam_mount will be faster and easier to maintain if you don't need the clients to be able to work off-line.
Re: [Samba] Roaming Profiles under Linux clients
On 6 October 2012 17:13, steve wrote:
> On 06/10/12 11:14, Michael Wood wrote:
>> On 5 October 2012 17:36, steve wrote:
>>> On 05/10/12 17:21, Michael Wood wrote:
>>>> On 5 October 2012 13:14, steve wrote:
>>>> [...]
>>> [...] Linux clients map whatever the [home]
>>> share points at to the unixHomeDirectory attribute. The latter can use
>>> either winbind or nslcd to pull the info from ldap.
>>> Let me know if you need any more detail.
>>
>> That doesn't sound like a roaming profile at all.
>
> No it isn't. The bit before it was. I mentioned it as we set it at the same
> time as the profile path in the directory. That's all.

By "the bit before that" I assume you mean the LDAP and share changes? That would not magically make the client do anything. In particular it would not make them copy profiles to/from the server. That is why I was asking about configuration and software on the client and not the server, which you had already mentioned.

Anyway, from what you and Rowland have said that is not possible with Linux clients. Of course roaming profiles may not be what you want and you could instead access everything directly over the network using e.g. NFS4 as you say.

--
Michael Wood
Re: [Samba] Roaming Profiles under Linux clients
On 06/10/12 11:32, Rowland Penny wrote:
> On 06/10/12 10:14, Michael Wood wrote:
>> On 5 October 2012 17:36, steve wrote:
>>> On 05/10/12 17:21, Michael Wood wrote:
>>>> On 5 October 2012 13:14, steve wrote:
>> Is that possible on Linux clients? If so, how is it implemented? With csync as Denis asked?
>
> Hi, What you can do is use pam-mount to mount the users home directory from the server onto the Linux client, This is actually faster than roaming profiles as no data actually moves.

Hi

We use NFS4 to mount the samba share directories on the Linux clients. If you want, you could also mount the profiles share so that your users had access to whatever was on e.g. their windows desktop too. As we have more Linux clients than windows, I try to encourage users to store stuff in their home folder rather than in their windows profile.

HTH
Steve
Re: [Samba] Roaming Profiles under Linux clients
On 06/10/12 11:14, Michael Wood wrote:
> On 5 October 2012 17:36, steve wrote:
>> On 05/10/12 17:21, Michael Wood wrote:
>>> On 5 October 2012 13:14, steve wrote:
>>> [...]
>> [...] Linux clients map whatever the [home] share points at to the unixHomeDirectory attribute. The latter can use either winbind or nslcd to pull the info from ldap.
>> Let me know if you need any more detail.
>
> That doesn't sound like a roaming profile at all.

No it isn't. The bit before it was. I mentioned it as we set it at the same time as the profile path in the directory. That's all.

Cheers,
Steve
Re: [Samba] Roaming Profiles under Linux clients
On 06/10/12 10:14, Michael Wood wrote:
> On 5 October 2012 17:36, steve wrote:
>> On 05/10/12 17:21, Michael Wood wrote:
>>> On 5 October 2012 13:14, steve wrote:
>>> [...]
>>>> Hi
>>>> It's working here with Version 4.0.0rc3-GIT-56ffe75
>>>>
>>>> All we do to set up the roaming profile on Linux is to add the attribute:
>>>>     profilePath: \\server\profiles\steve2
>>>> to the user DN entry in LDAP.
>>>>
>>>> and whilst we're there we also map his windows home directory to his Linux home directory:
>>>>     homeDrive: Z:
>>>>     homeDirectory: \\server\home\steve2
>>>>
>>>> Make sure that the profiles share is writeable by the users. We chmod 1777'd it.
>>>>
>>>> HTH
>>>> Steve
>>>
>>> I've never looked at this and don't need it now, but I'm interested. How is this implemented on client?
>>
>> [...] Linux clients map whatever the [home] share points at to the unixHomeDirectory attribute. The latter can use either winbind or nslcd to pull the info from ldap.
>> Let me know if you need any more detail.
>
> That doesn't sound like a roaming profile at all. As far as I understand it a roaming profile is copied to the client on login and copied/synced back to the server on logout. I think that's what Mario and Denis are talking about.
>
> Is that possible on Linux clients? If so, how is it implemented? With csync as Denis asked?

Hi,

What you can do is use pam-mount to mount the users home directory from the server onto the Linux client, This is actually faster than roaming profiles as no data actually moves.
Re: [Samba] Roaming Profiles under Linux clients
On 5 October 2012 17:36, steve wrote:
> On 05/10/12 17:21, Michael Wood wrote:
>> On 5 October 2012 13:14, steve wrote:
>> [...]
>>> Hi
>>> It's working here with Version 4.0.0rc3-GIT-56ffe75
>>>
>>> All we do to set up the roaming profile on Linux is to add the attribute:
>>>     profilePath: \\server\profiles\steve2
>>> to the user DN entry in LDAP.
>>>
>>> and whilst we're there we also map his windows home directory to his Linux home directory:
>>>     homeDrive: Z:
>>>     homeDirectory: \\server\home\steve2
>>>
>>> Make sure that the profiles share is writeable by the users. We chmod 1777'd it.
>>>
>>> HTH
>>> Steve
>>
>> I've never looked at this and don't need it now, but I'm interested.
>> How is this implemented on client?
>
> [...] Linux clients map whatever the [home]
> share points at to the unixHomeDirectory attribute. The latter can use
> either winbind or nslcd to pull the info from ldap.
> Let me know if you need any more detail.

That doesn't sound like a roaming profile at all. As far as I understand it a roaming profile is copied to the client on login and copied/synced back to the server on logout. I think that's what Mario and Denis are talking about.

Is that possible on Linux clients? If so, how is it implemented? With csync as Denis asked?

--
Michael Wood
Re: [Samba] Roaming Profiles under Linux clients
On 05/10/12 17:21, Michael Wood wrote:
> On 5 October 2012 13:14, steve wrote:
> [...]
>> Hi
>> It's working here with Version 4.0.0rc3-GIT-56ffe75
>>
>> All we do to set up the roaming profile on Linux is to add the attribute:
>>     profilePath: \\server\profiles\steve2
>> to the user DN entry in LDAP.
>>
>> and whilst we're there we also map his windows home directory to his Linux home directory:
>>     homeDrive: Z:
>>     homeDirectory: \\server\home\steve2
>>
>> Make sure that the profiles share is writeable by the users. We chmod 1777'd it.
>>
>> HTH
>> Steve
>
> I've never looked at this and don't need it now, but I'm interested. How is this implemented on client?

The above is what ADUC adds to the directory when you fill in the fields on the profile tab for a user. It's quicker to use a little script around samba-tool user add and add the attributes on the Linux AD machine rather than use ADUC. You just need ldbmodify and the (in this example) the [home] and [profiles] shares in smb.conf. Linux clients map whatever the [home] share points at to the unixHomeDirectory attribute. The latter can use either winbind or nslcd to pull the info from ldap.

Let me know if you need any more detail.

Cheers,
Steve
Re: [Samba] Roaming Profiles under Linux clients
On 5 October 2012 13:14, steve wrote:
[...]
> Hi
> It's working here with Version 4.0.0rc3-GIT-56ffe75
>
> All we do to set up the roaming profile on Linux is to add the attribute:
>     profilePath: \\server\profiles\steve2
> to the user DN entry in LDAP.
>
> and whilst we're there we also map his windows home directory to his Linux home directory:
>     homeDrive: Z:
>     homeDirectory: \\server\home\steve2
>
> Make sure that the profiles share is writeable by the users. We chmod 1777'd it.
>
> HTH
> Steve

I've never looked at this and don't need it now, but I'm interested. How is this implemented on client?

--
Michael Wood
Re: [Samba] Roaming Profiles under Linux clients
On 05/10/12 09:44, Denis Cardon wrote:
> Hi Mario,
>
>> As I configured the Roaming profiles under linux, it more or less generate an abnormal operation (in less than 2 mins) if I add/copy some files to the home directory. But for Windows XP and Windows 7 is running smoothly and it generates folders at the Samba4 server location with corresponding users. e.g. Administrator (for XP), and Administrator.V2 (for Win7/2008) based on my observations.
>
> I'm interested in the way you configured the roaming profile on the linux side. Did you use csync for the synchronisation? I've looked at it in the past and didn't found any straight away solution. Anyway, I guess there should be some kind of Administrator.linux profile directory on the server side since the ubuntu profile won't be compatible from windows to linux (those profiles are not even compatible between winxp and win7...)
>
> Cheers,
> Denis
>
>> I was confused on roaming under linux (or maybe it was not yet supported), because once I login as the administrator (one account in Samba4 - AD user) in linux, adding (files to the desktop) or modifying (I used to move to the home directory). Then login to the Windows 7 and WinXP, it will NOT login when I see the logs of the server using -d3
>>
>> Kerberos: Client sent patypes: encrypted-timestamp, 128
>> Kerberos: Looking for PKINIT pa-data -- administrator@UCHIHA
>> Kerberos: Looking for ENC-TS pa-data -- administrator@UCHIHA
>> Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA (enctype arcfour-hmac-md5) error Decrypt integrity check failed
>> Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA
>> Kerberos: AS-REQ administrator@UCHIHA from ipv4:192.168.150.135:3064 for krbtgt/UCHIHA@UCHIHA
>>
>> But for a few minutes, you can login again and this time it will display at the system tray (a dialog box) "User Profile Service There was a problem with your roaming profile. You have been logged on with your previously saved local profile. Please see the event logs for details or contact your administrator", but those files are just only few bytes (less than 1MB) just the pam.d files. The saved files are not located either of Windows XP or 7.
>>
>> auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> ntlm_password_check: NTLMv2 password check failed
>> ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator
>> ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user administrator
>> auth_check_password_recv: sam_ignoredomain authentication for user [UCHIHA\administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
>> schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/AMBOT-LINUX
>> auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> Got a dns update request.
>> Update not allowed for unsigned packet.
>> Tkey handshake completed
>> Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>> single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>>
>> But after a 20mins, coz I went somewhere. It goes to normal again. I conclude that Linux (Ubuntu 12.04) roaming profiles is not yet implemented in Samba4 RC2 - Centos 6.3. Other observation, Windows7 machine is not detected in the network, but WinXp and Ubuntu machines are visible.
>>
>> Any ideas how to implement roaming profile under Linux as the clients?
>>
>> Cheers,
>> Mario

Hi

It's working here with Version 4.0.0rc3-GIT-56ffe75

All we do to set up the roaming profile on Linux is to add the attribute:
    profilePath: \\server\profiles\steve2
to the user DN entry in LDAP.

and whilst we're there we also map his windows home directory to his Linux home directory:
    homeDrive: Z:
    homeDirectory: \\server\home\steve2

Make sure that the profiles share is writeable by the users. We chmod 1777'd it.

HTH
Steve
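Added example, not part of the thread and not Samba's own tooling: the replies make the profiles root world-writable, with mode 777 in one message and 1777 in another, and the posted smb.conf sets "directory mask = 0700". The check below reports a world-writable root that lacks the sticky bit, and per-user directories that are open to group/other or not owned by the account they are named after; the function names, the constructed demo tree and the ".V<n>" generalisation of the ".V2" suffix are assumptions.

```python
"""Audit the modes of a roaming-profile root (added example, constructed paths)."""
import os
import pwd
import re
import stat
import tempfile

# Windows 7 appends ".V2" to the profile directory name (see the thread);
# this pattern generalises that to any ".V<n>" suffix.
PROFILE_VERSION_SUFFIX = re.compile(r"\.V\d+$", re.IGNORECASE)


def uid_from_passwd(name):
    """Resolve an account name through NSS; None when no such account exists."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def audit_profiles_root(root, lookup_uid=uid_from_passwd):
    """Return (path, finding) tuples for risky permissions under `root`."""
    findings = []
    root_mode = stat.S_IMODE(os.stat(root).st_mode)
    # With 0777 any user may rename or unlink another user's entry in the
    # directory; the sticky bit (1777) restricts that to the entry's owner.
    if root_mode & stat.S_IWOTH and not root_mode & stat.S_ISVTX:
        findings.append((root, "world-writable without sticky bit (%04o)" % root_mode))

    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISDIR(st.st_mode):
            continue  # only per-user profile directories are checked
        mode = stat.S_IMODE(st.st_mode)
        # "directory mask = 0700" in the posted smb.conf means owner-only access.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((entry.path, "open to group/other (%04o)" % mode))
        # A profile directory should belong to the account it is named after.
        account = PROFILE_VERSION_SUFFIX.sub("", entry.name)
        expected = lookup_uid(account)
        if expected is None:
            findings.append((entry.path, "no account named %r" % account))
        elif st.st_uid != expected:
            findings.append(
                (entry.path, "owned by uid %d, expected %d" % (st.st_uid, expected))
            )
    return findings


def build_demo_tree(base, my_uid):
    """Create a constructed tree: root 0777, one tight and one loose profile."""
    root = os.path.join(base, "profiles")
    os.mkdir(root)
    os.chmod(root, 0o777)
    for name, mode in (("alice", 0o700), ("bob.V2", 0o755)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)
    # Constructed account table: bob's uid differs from the directory owner.
    accounts = {"alice": my_uid, "bob": my_uid + 1}
    return root, accounts.get


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        demo_root, demo_lookup = build_demo_tree(base, os.geteuid())
        for path, finding in audit_profiles_root(demo_root, demo_lookup):
            print(path, "->", finding)
```

On a real server the default lookup goes through NSS, so it only resolves domain accounts if winbind or nslcd is configured there.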
Re: [Samba] Roaming Profiles under Linux clients
Hi Mario,

> As I configured the Roaming profiles under linux, it more or less generate an abnormal operation (in less than 2 mins) if I add/copy some files to the home directory. But for Windows XP and Windows 7 is running smoothly and it generates folders at the Samba4 server location with corresponding users. e.g. Administrator (for XP), and Administrator.V2 (for Win7/2008) based on my observations.

I'm interested in the way you configured the roaming profile on the linux side. Did you use csync for the synchronisation? I've looked at it in the past and didn't found any straight away solution. Anyway, I guess there should be some kind of Administrator.linux profile directory on the server side since the ubuntu profile won't be compatible from windows to linux (those profiles are not even compatible between winxp and win7...)

Cheers,
Denis

> I was confused on roaming under linux (or maybe it was not yet supported), because once I login as the administrator (one account in Samba4 - AD user) in linux, adding (files to the desktop) or modifying (I used to move to the home directory). Then login to the Windows 7 and WinXP, it will NOT login when I see the logs of the server using -d3
>
> Kerberos: Client sent patypes: encrypted-timestamp, 128
> Kerberos: Looking for PKINIT pa-data -- administrator@UCHIHA
> Kerberos: Looking for ENC-TS pa-data -- administrator@UCHIHA
> Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA (enctype arcfour-hmac-md5) error Decrypt integrity check failed
> Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA
> Kerberos: AS-REQ administrator@UCHIHA from ipv4:192.168.150.135:3064 for krbtgt/UCHIHA@UCHIHA
>
> But for a few minutes, you can login again and this time it will display at the system tray (a dialog box) "User Profile Service There was a problem with your roaming profile. You have been logged on with your previously saved local profile. Please see the event logs for details or contact your administrator", but those files are just only few bytes (less than 1MB) just the pam.d files. The saved files are not located either of Windows XP or 7.
>
> auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> ntlm_password_check: NTLMv2 password check failed
> ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator
> ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user administrator
> auth_check_password_recv: sam_ignoredomain authentication for user [UCHIHA\administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
> schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/AMBOT-LINUX
> auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> Got a dns update request.
> Update not allowed for unsigned packet.
> Tkey handshake completed
> Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>
> But after a 20mins, coz I went somewhere. It goes to normal again. I conclude that Linux (Ubuntu 12.04) roaming profiles is not yet implemented in Samba4 RC2 - Centos 6.3. Other observation, Windows7 machine is not detected in the network, but WinXp and Ubuntu machines are visible.
>
> Any ideas how to implement roaming profile under Linux as the clients?
>
> Cheers,
> Mario

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.57
http://www.tranquil-it-systems.fr
[Samba] Roaming Profiles under Linux clients
Hi,

As I configured the Roaming profiles under linux, it more or less generate an abnormal operation (in less than 2 mins) if I add/copy some files to the home directory. But for Windows XP and Windows 7 is running smoothly and it generates folders at the Samba4 server location with corresponding users. e.g. Administrator (for XP), and Administrator.V2 (for Win7/2008) based on my observations.

I was confused on roaming under linux (or maybe it was not yet supported), because once I login as the administrator (one account in Samba4 - AD user) in linux, adding (files to the desktop) or modifying (I used to move to the home directory). Then login to the Windows 7 and WinXP, it will NOT login when I see the logs of the server using -d3

    Kerberos: Client sent patypes: encrypted-timestamp, 128
    Kerberos: Looking for PKINIT pa-data -- administrator@UCHIHA
    Kerberos: Looking for ENC-TS pa-data -- administrator@UCHIHA
    Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA (enctype arcfour-hmac-md5) error Decrypt integrity check failed
    Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA
    Kerberos: AS-REQ administrator@UCHIHA from ipv4:192.168.150.135:3064 for krbtgt/UCHIHA@UCHIHA

But for a few minutes, you can login again and this time it will display at the system tray (a dialog box) "User Profile Service There was a problem with your roaming profile. You have been logged on with your previously saved local profile. Please see the event logs for details or contact your administrator", but those files are just only few bytes (less than 1MB) just the pam.d files. The saved files are not located either of Windows XP or 7.

    auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
    auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
    ntlm_password_check: NTLMv2 password check failed
    ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator
    ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user administrator
    auth_check_password_recv: sam_ignoredomain authentication for user [UCHIHA\administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
    schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/AMBOT-LINUX
    auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
    auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
    Got a dns update request.
    Update not allowed for unsigned packet.
    Tkey handshake completed
    Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
    single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]

But after a 20mins, coz I went somewhere. It goes to normal again. I conclude that Linux (Ubuntu 12.04) roaming profiles is not yet implemented in Samba4 RC2 - Centos 6.3.

Other observation, Windows7 machine is not detected in the network, but WinXp and Ubuntu machines are visible.

Any ideas how to implement roaming profile under Linux as the clients?

Cheers,
Mario
Re: [Samba] Roaming profiles not being loaded
On Tue, Mar 27, 2012 at 9:01 AM, Sean Crosby wrote:
> Hi Simon,
>
>> However, a user login in which the profile is defined to be on a samba server that is not the PDC never gets a roaming profile -- instead the user always gets a temporary profile. Looking at the Windows logs, it is complaining about a permissions issue. However, once logged in (with the temporary profile), that user can create and modify files in the profile directory. I have turned logging level to 3, but I don't see anything useful.
>
> I have had the same issue as well. I had to run a regkey on each client to disable profile permission checking. The reg key is below:
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
> "CompatibleRUPSecurity"=dword:0001
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
> "CompatibleRUPSecurity"=dword:0001
>
> Once you run that, your clients should be able to get their roaming profile

I recently ran into a similar issue that was solved by adding "nt acl support = yes" to my [profiles] share. Not sure if that's related but thought I'd share just in case. Took me half a day looking at one of my working systems and the one that was failing till I finally noticed that entry.

--
Paul Dugas • p...@dugas.cc • +1.404.932.1355
Re: [Samba] Roaming profiles not being loaded
Hi Simon,

> However, a user login in which the profile is defined to be on a samba server that is not the PDC never gets a roaming profile -- instead the user always gets a temporary profile. Looking at the Windows logs, it is complaining about a permissions issue. However, once logged in (with the temporary profile), that user can create and modify files in the profile directory. I have turned logging level to 3, but I don't see anything useful.

I have had the same issue as well. I had to run a regkey on each client to disable profile permission checking. The reg key is below:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "CompatibleRUPSecurity"=dword:0001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "CompatibleRUPSecurity"=dword:0001

Once you run that, your clients should be able to get their roaming profile

Sean
[Samba] Roaming profiles not being loaded
I tried to build a setup to model and hence learn how to configure samba servers for the setup that I described below.

However, a user login in which the profile is defined to be on a samba server that is not the PDC never gets a roaming profile -- instead the user always gets a temporary profile. Looking at the Windows logs, it is complaining about a permissions issue. However, once logged in (with the temporary profile), that user can create and modify files in the profile directory. I have turned logging level to 3, but I don't see anything useful.

The PDC is running SAMBA 3.5.11, while the other server (modeling the fileserver in the proposed network) is running SAMBA 3.5.10. The usernames exist in the /etc/passwd files on both machines (although I think that I should not need this if I can get winbindd working properly). Home directories for the users exist on both machines.

Some specifics:

1. smb.conf from the "fileserver" (Not the PDC, but the machine where the profile directories are found):

    [global]
      workgroup = MATTHEWS
      server string = Samba Server Version %v
      netbios name = sambatest
      log file = /var/log/samba/log.%m
      max log size = 50
      log level = 3
      security = domain
      passdb backend = tdbsam
      password server = firewall
      idmap backend = tdb
      idmap uid = 9000-
      idmap gid = 9000-
      local master = no
      load printers = yes
      cups options = raw

    [homes]
      comment = Home Directories
      browseable = no
      writable = yes

    [printers]
      comment = All Printers
      path = /var/spool/samba
      browseable = no
      guest ok = no
      writable = no
      printable = yes

    [profiles]
      comment = profiles
      path = /export/profiles
      browseable = yes
      guest ok = yes

smb.conf from the PDC:

    [global]
      workgroup = MATTHEWS
      netbios aliases = SERVER, firewall, newfirewall
      server string = Samba Server %v
      interfaces = 192.168.89.1, 127.0.0.1, 192.168.89.2, 192.168.89.6, 10.9.0.1
      bind interfaces only = Yes
      security = user
      log file = /var/log/samba3/log.%m
      max log size = 50
      socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
      printcap name = /etc/printcap
      os level = 90
      preferred master = Yes
      domain master = Yes
      domain logons = yes
      dns proxy = No
      wins server = 192.168.89.1
      wins support = Yes
      admin users = root, simon, @wheel
      hosts allow = 192.168.0.0/255.255.0.0, 10.8.0.0/24
      hosts deny = 0.0.0.0/0
      passdb backend = tdbsam
      logon path = \\%N\profiles\%U
      logon home = \\firewall\%U\winprofile

    [profiles]
      comment = profiles
      path = /export/profiles
      read only = No

    [homes]
      comment = Home Directories
      path = /home/%u
      read only = No

    [allhomes]
      comment = Home Directories
      path = /home
      guest ok = Yes

    [print$]
      path = /var/lib/samba/printers
      guest ok = Yes

    [CD]
      path = /mnt/cdrom/
      guest ok = Yes

    [certs]
      path = /home/certs
      guest ok = Yes

    [pub]
      path = /home/pub
      read only = No
      guest ok = Yes

    [HP]
      comment = HP Printer
      path = /tmp
      guest ok = Yes
      printable = Yes
      print command = lpr -P HP -oraw -r -l %s
      lpq command = lpq -P'HP'
      lprm command = lprm -P'HP' %j
      use client driver = Yes

    [Laser]
      path = /tmp
      printable = Yes

pdb data for user that cannot get a profile:

    pdbedit -v simontest
    Unix username:simontest
    NT username:
    Account Flags:[U ]
    User SID: S-1-5-21-812011073-3920078087-27638135-1004
    Primary Group SID:S-1-5-21-812011073-3920078087-27638135-513
    Full Name:
    Home Directory: \\firewall\simontest\winprofile
    HomeDir Drive:
    Logon Script:
    Profile Path: \\sambatest\profiles\simontest
    Domain: MATTHEWS
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Wed, 06 Feb 2036 07:06:39 PST
    Kickoff time: Wed, 06 Feb 2036 07:06:39 PST
    Password last set:Sat, 24 Mar 2012 15:09:20 PDT
    Password can change: Sat, 24 Mar 2012 15:09:20 PDT
    Password must change: never
    Last bad password : 0
    Bad password count : 0
    Logon hours : FF

Does anyone have any suggestions on what might be wrong? If it needs entries from the log files, I can add these.

Simon

On Sat, Mar 24, 2012 at 12:09 PM, Simon Matthews wrote:
> I currently have a server which is both the PDC for my domain and the file server for the network.
>
> I need to split these functions and move the PDC function to another box, while leaving the original server as the file server on which home directories and roaming profiles are stored. User credentials are stored in a tdbsam database and I am running Samba 3.5.
>
> Does anyone have any pointers on what to move and any potential pitfalls in the process? I have always used the same machine for both the PDC and file server, so this is somewhat unknown territory for me. I assume that the file server will still
Re: [Samba] roaming profiles - one file can't be copied to server
Hi,

try this

    [profiles]
      path = /bacula/samba/profile
      comment = Profildateien
      read only = no
      create mask = 0600
      directory mask = 0700
      browseable = Yes
      guest ok = Yes
      csc policy = disable
      profile acls = no
      force user = %U
      # next line allows the user and administrators to access all profiles
      valid users = %U @"Domain Admins"

>-Original message-
>From: be...@bazuin.nl [mailto:samba-boun...@lists.samba.org] On behalf of L.P.H. van Belle
>Sent: 2011-04-13 08:19
>To: samba@lists.samba.org
>Subject: Re: [Samba] roaming profiles - one file can't be copied to server
>
>Hi,
>
>what is the error message ?
>if i guess..
>
>Look for .TMP files in the users profile folder.
>delete them when the user is logged in.
>Let the user logout again and see if its happens again.
>
>i have these extra lines in the profiles in smb.conf
>csc policy = disable
>force user = %U
># next line allows administrator to access all profiles
>valid users = %U @"Domain Admins"
>
>Louis
>
>>-Original message-
>>From: j.ech...@elektro-mayer-echter.de [mailto:samba-boun...@lists.samba.org] On behalf of J. Echter
>>Sent: 2011-04-12 19:17
>>To: samba@lists.samba.org
>>Subject: [Samba] roaming profiles - one file can't be copied to server
>>
>>Hi,
>>
>>i have a Ubuntu x64 10.04 Server. Samba configured as PDC.
>>Since today i experience that roaming profiles can't copy one file to the server and shout an error message.
>>
>>It's no specific file, mostly its one in my Thunderbird Profile.
>>
>>Does anybody know what could this cause to happen?
>>
>>My smb.conf:
>>
>>[global]
>>  printing = bsd
>>  netbios name = PDC
>>  server string = PDC (%h)
>>  workgroup = workgroup
>>  interfaces = eth0,lo
>>  security = user
>>  encrypt passwords = true
>>  map to guest = bad user
>>  local master = yes
>>  preferred master = yes
>>  domain master = yes
>>  domain logons = yes
>>  add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
>>  delete user script = /usr/sbin/userdel -r '%u'
>>  add group script = /usr/sbin/groupadd '%g'
>>  delete group script = /usr/sbin/groupdel '%g'
>>  add user to group script = /usr/sbin/usermod -G '%g' '%u'
>>  add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
>>  logon path = \\%L\profile\%U
>>  logon script = logon.bat
>>  hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
>>  panic action = /usr/share/samba/panic-action %d
>>
>>#=== Share Definitions ===
>>[homes]
>>  comment = Home Directories
>>  browseable = no
>>  writeable = yes
>>
>>[profile]
>>  comment = Profildateien
>>  path = /bacula/samba/profile
>>  guest ok = yes
>>  browseable = no
>>  create mask = 0600
>>  directory mask = 0700
>>  writeable = yes
>>  profile acls = yes
>>
>>[netlogon]
>>  comment = Network Logon Service
>>  path = /bacula/samba/netlogon
>>  guest ok = yes
>>  writeable = no
>>  share modes = no
>>  browseable = no
>>
>>any hints about that?
>>
>>greetings
>>
>>juergen
Re: [Samba] roaming profiles - one file can't be copied to server
On 12.04.2011 19:16, J. Echter wrote:
> Hi,
>
> i have a Ubuntu x64 10.04 Server. Samba configured as PDC.
> Since today i experience that roaming profiles can't copy one file to the server and shout an error message.
>
> It's no specific file, mostly its one in my Thunderbird Profile.
>
> Does anybody know what could this cause to happen?
>
> My smb.conf:
>
> [global]
>   printing = bsd
>   netbios name = PDC
>   server string = PDC (%h)
>   workgroup = workgroup
>   interfaces = eth0,lo
>   security = user
>   encrypt passwords = true
>   map to guest = bad user
>   local master = yes
>   preferred master = yes
>   domain master = yes
>   domain logons = yes
>   add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
>   delete user script = /usr/sbin/userdel -r '%u'
>   add group script = /usr/sbin/groupadd '%g'
>   delete group script = /usr/sbin/groupdel '%g'
>   add user to group script = /usr/sbin/usermod -G '%g' '%u'
>   add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
>   logon path = \\%L\profile\%U
>   logon script = logon.bat
>   hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
>   panic action = /usr/share/samba/panic-action %d
>
> #=== Share Definitions ===
> [homes]
>   comment = Home Directories
>   browseable = no
>   writeable = yes
>
> [profile]
>   comment = Profildateien
>   path = /bacula/samba/profile
>   guest ok = yes
>   browseable = no
>   create mask = 0600
>   directory mask = 0700
>   writeable = yes
>   profile acls = yes
>
> [netlogon]
>   comment = Network Logon Service
>   path = /bacula/samba/netlogon
>   guest ok = yes
>   writeable = no
>   share modes = no
>   browseable = no
>
> any hints about that?
>
> greetings
>
> juergen

ah and here a snippet from log.smbd

    [2011/04/13 17:04:55, 0] lib/util_sock.c:539(read_fd_with_timeout)
    [2011/04/13 17:04:55, 0] lib/util_sock.c:1498(get_peer_addr_internal)
    getpeername failed. Error was Transport endpoint is not connected
    read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
Re: [Samba] roaming profiles - one file can't be copied to server
On 12.04.2011 19:16, J. Echter wrote:
> Hi,
>
> i have a Ubuntu x64 10.04 Server. Samba configured as PDC.
> Since today i experience that roaming profiles can't copy one file to the server and shout an error message.
>
> It's no specific file, mostly its one in my Thunderbird Profile.
>
> Does anybody know what could this cause to happen?
>
> My smb.conf:
>
> [global]
>   printing = bsd
>   netbios name = PDC
>   server string = PDC (%h)
>   workgroup = workgroup
>   interfaces = eth0,lo
>   security = user
>   encrypt passwords = true
>   map to guest = bad user
>   local master = yes
>   preferred master = yes
>   domain master = yes
>   domain logons = yes
>   add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
>   delete user script = /usr/sbin/userdel -r '%u'
>   add group script = /usr/sbin/groupadd '%g'
>   delete group script = /usr/sbin/groupdel '%g'
>   add user to group script = /usr/sbin/usermod -G '%g' '%u'
>   add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
>   logon path = \\%L\profile\%U
>   logon script = logon.bat
>   hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
>   panic action = /usr/share/samba/panic-action %d
>
> #=== Share Definitions ===
> [homes]
>   comment = Home Directories
>   browseable = no
>   writeable = yes
>
> [profile]
>   comment = Profildateien
>   path = /bacula/samba/profile
>   guest ok = yes
>   browseable = no
>   create mask = 0600
>   directory mask = 0700
>   writeable = yes
>   profile acls = yes
>
> [netlogon]
>   comment = Network Logon Service
>   path = /bacula/samba/netlogon
>   guest ok = yes
>   writeable = no
>   share modes = no
>   browseable = no
>
> any hints about that?
>
> greetings
>
> juergen

Hi,

i found another hint.

I recently had created a directory with a user and copied some files into that. As im logging out now, the newly created file couldn't be copied to my profiles dir --> file already in use.

any hints?

greetings

juergen.
Re: [Samba] roaming profiles - one file can't be copied to server
On 13.04.2011 08:19, L.P.H. van Belle wrote:
> Hi,
>
> what is the error message ?
> if i guess..
>
> Look for .TMP files in the users profile folder.
> delete them when the user is logged in.
> Let the user logout again and see if its happens again.
>
> i have these extra lines in the profiles in smb.conf
> csc policy = disable
> force user = %U
> # next line allows administrator to access all profiles
> valid users = %U @"Domain Admins"
>
> Louis
>
>> -Original message-
>> From: j.ech...@elektro-mayer-echter.de [mailto:samba-boun...@lists.samba.org] On behalf of J. Echter
>> Sent: 2011-04-12 19:17
>> To: samba@lists.samba.org
>> Subject: [Samba] roaming profiles - one file can't be copied to server
>>
>> Hi,
>>
>> i have a Ubuntu x64 10.04 Server. Samba configured as PDC.
>> Since today i experience that roaming profiles can't copy one file to the server and shout an error message.
>>
>> It's no specific file, mostly its one in my Thunderbird Profile.
>>
>> Does anybody know what could this cause to happen?
>>
>> My smb.conf:
>>
>> [global]
>>   printing = bsd
>>   netbios name = PDC
>>   server string = PDC (%h)
>>   workgroup = workgroup
>>   interfaces = eth0,lo
>>   security = user
>>   encrypt passwords = true
>>   map to guest = bad user
>>   local master = yes
>>   preferred master = yes
>>   domain master = yes
>>   domain logons = yes
>>   add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
>>   delete user script = /usr/sbin/userdel -r '%u'
>>   add group script = /usr/sbin/groupadd '%g'
>>   delete group script = /usr/sbin/groupdel '%g'
>>   add user to group script = /usr/sbin/usermod -G '%g' '%u'
>>   add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
>>   logon path = \\%L\profile\%U
>>   logon script = logon.bat
>>   hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
>>   panic action = /usr/share/samba/panic-action %d
>>
>> #=== Share Definitions ===
>> [homes]
>>   comment = Home Directories
>>   browseable = no
>>   writeable = yes
>>
>> [profile]
>>   comment = Profildateien
>>   path = /bacula/samba/profile
>>   guest ok = yes
>>   browseable = no
>>   create mask = 0600
>>   directory mask = 0700
>>   writeable = yes
>>   profile acls = yes
>>
>> [netlogon]
>>   comment = Network Logon Service
>>   path = /bacula/samba/netlogon
>>   guest ok = yes
>>   writeable = no
>>   share modes = no
>>   browseable = no
>>
>> any hints about that?
>>
>> greetings
>>
>> juergen

about the error message:

Windows tells me that one file can't be written to server because its already in use, i have that on every computer. As i said its no specific file, but mostly from my thunderbird profile directories.

I checked twice that no one was logged in as i started testing this.

i also moved the profile dir temp to another dir and tried to see whats happening when i logout. it starts copying files over complains about a file, finished with errors.

strange.

greetings.
Re: [Samba] roaming profiles - one file can't be copied to server
Hi,

what is the error message ?
if i guess..

Look for .TMP files in the users profile folder.
delete them when the user is logged in.
Let the user logout again and see if its happens again.

i have these extra lines in the profiles in smb.conf

    csc policy = disable
    force user = %U
    # next line allows administrator to access all profiles
    valid users = %U @"Domain Admins"

Louis

>-Original message-
>From: j.ech...@elektro-mayer-echter.de [mailto:samba-boun...@lists.samba.org] On behalf of J. Echter
>Sent: 2011-04-12 19:17
>To: samba@lists.samba.org
>Subject: [Samba] roaming profiles - one file can't be copied to server
>
>Hi,
>
>i have a Ubuntu x64 10.04 Server. Samba configured as PDC.
>Since today i experience that roaming profiles can't copy one file to the server and shout an error message.
>
>It's no specific file, mostly its one in my Thunderbird Profile.
>
>Does anybody know what could this cause to happen?
>
>My smb.conf:
>
>[global]
>  printing = bsd
>  netbios name = PDC
>  server string = PDC (%h)
>  workgroup = workgroup
>  interfaces = eth0,lo
>  security = user
>  encrypt passwords = true
>  map to guest = bad user
>  local master = yes
>  preferred master = yes
>  domain master = yes
>  domain logons = yes
>  add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
>  delete user script = /usr/sbin/userdel -r '%u'
>  add group script = /usr/sbin/groupadd '%g'
>  delete group script = /usr/sbin/groupdel '%g'
>  add user to group script = /usr/sbin/usermod -G '%g' '%u'
>  add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
>  logon path = \\%L\profile\%U
>  logon script = logon.bat
>  hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
>  panic action = /usr/share/samba/panic-action %d
>
>#=== Share Definitions ===
>[homes]
>  comment = Home Directories
>  browseable = no
>  writeable = yes
>
>[profile]
>  comment = Profildateien
>  path = /bacula/samba/profile
>  guest ok = yes
>  browseable = no
>  create mask = 0600
>  directory mask = 0700
>  writeable = yes
>  profile acls = yes
>
>[netlogon]
>  comment = Network Logon Service
>  path = /bacula/samba/netlogon
>  guest ok = yes
>  writeable = no
>  share modes = no
>  browseable = no
>
>any hints about that?
>
>greetings
>
>juergen
[Samba] roaming profiles - one file can't be copied to server
Hi,

i have a Ubuntu x64 10.04 Server. Samba configured as PDC.
Since today i experience that roaming profiles can't copy one file to the server and shout an error message.

It's no specific file, mostly its one in my Thunderbird Profile.

Does anybody know what could this cause to happen?

My smb.conf:

    [global]
      printing = bsd
      netbios name = PDC
      server string = PDC (%h)
      workgroup = workgroup
      interfaces = eth0,lo
      security = user
      encrypt passwords = true
      map to guest = bad user
      local master = yes
      preferred master = yes
      domain master = yes
      domain logons = yes
      add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
      delete user script = /usr/sbin/userdel -r '%u'
      add group script = /usr/sbin/groupadd '%g'
      delete group script = /usr/sbin/groupdel '%g'
      add user to group script = /usr/sbin/usermod -G '%g' '%u'
      add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
      logon path = \\%L\profile\%U
      logon script = logon.bat
      hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
      panic action = /usr/share/samba/panic-action %d

    #=== Share Definitions ===
    [homes]
      comment = Home Directories
      browseable = no
      writeable = yes

    [profile]
      comment = Profildateien
      path = /bacula/samba/profile
      guest ok = yes
      browseable = no
      create mask = 0600
      directory mask = 0700
      writeable = yes
      profile acls = yes

    [netlogon]
      comment = Network Logon Service
      path = /bacula/samba/netlogon
      guest ok = yes
      writeable = no
      share modes = no
      browseable = no

any hints about that?

greetings

juergen
Re: [Samba] Roaming Profiles Configuration
Yes that is where my setup stores its roaming profiles. If you would like to see my smb.conf send me an email off list

Sent on the Sprint® Now Network from my BlackBerry®

-Original Message-
From: Ryan Leimenstoll
Sender: samba-boun...@lists.samba.org
Date: Tue, 29 Mar 2011 22:06:01
To:
Subject: Re: [Samba] Roaming Profiles Configuration

I tried Resara, but permissions still aren't honored. I can easily view and edit other users files that are on the share, as well as change permissions. Is it possible to have each roaming profile stored on the Homes share accessible to only that user?

Thanks

On Tue, Mar 29, 2011 at 7:20 AM, Daniel Müller wrote:
> If you are talking about samba4!? just use the microsoft ads tools to give the user rights according to your needs.
> Or look for http://www.resara.org
>
> Good luck
> Daniel
>
> On Mon, 28 Mar 2011 17:18:04 -0400, Ryan Leimenstoll wrote:
> > Now, I cannot access the share at all, I'd imagine because my samba4 users are not local users, but are stored in the Samba4 "Active Directory" database. Is there any way I can have Samba4 let each Samba user have his own files not viewable by others on a share? Thus
> >
> > On Sun, Mar 27, 2011 at 2:55 PM, Mark Shields wrote:
> >
> >> On Sun, Mar 27, 2011 at 12:21 PM, Ryan Leimenstoll wrote:
> >>
> >>> Hello all! I am new to the mailing lists, as well as Samba. I was looking for an Active Directory alternative for linux, and finally landed on Samba4. My installation is alpha12, installed via apt on Ubuntu 10.10. I am trying to create roaming profiles, however, if "path = /UserData" then the profiles are viewable from every user account by simply accessing "example.samdom.com/profiles" My next thought (given research I saw on Samba3) was to set it to "path = /UserData/%U", however then clients cannot connect to the profiles share at all. I am trying to have the user's data only available through his account without creating a new share for every single user manually. Any help with this would be greatly appreciated!
> >>>
> >>> Ryan
> >>
> >> Like Windows Sharing, Samba sharing also requires appropriate local permissions; in other words, if you make each user's profile directory owned to that local user, and remove group/everyone access (chmod 700), you should get exactly what you want.
> >>
> >> - Mark Shields
>

Wouldn't that allow users to still access other files on the share from a UNIX system or other machine not bound to the domain?
Re: [Samba] Roaming Profiles Configuration
I tried Resara, but permissions still aren't honored. I can easily view and edit other users files that are on the share, as well as change permissions. Is it possible to have each roaming profile stored on the Homes share accessible to only that user?

Thanks

On Tue, Mar 29, 2011 at 7:20 AM, Daniel Müller wrote:
> If you are talking about samba4!? just use the microsoft ads tools to give the user rights according to your needs.
> Or look for http://www.resara.org
>
> Good luck
> Daniel
>
> On Mon, 28 Mar 2011 17:18:04 -0400, Ryan Leimenstoll wrote:
> > Now, I cannot access the share at all, I'd imagine because my samba4 users are not local users, but are stored in the Samba4 "Active Directory" database. Is there any way I can have Samba4 let each Samba user have his own files not viewable by others on a share? Thus
> >
> > On Sun, Mar 27, 2011 at 2:55 PM, Mark Shields wrote:
> >
> >> On Sun, Mar 27, 2011 at 12:21 PM, Ryan Leimenstoll wrote:
> >>
> >>> Hello all! I am new to the mailing lists, as well as Samba. I was looking for an Active Directory alternative for linux, and finally landed on Samba4. My installation is alpha12, installed via apt on Ubuntu 10.10. I am trying to create roaming profiles, however, if "path = /UserData" then the profiles are viewable from every user account by simply accessing "example.samdom.com/profiles" My next thought (given research I saw on Samba3) was to set it to "path = /UserData/%U", however then clients cannot connect to the profiles share at all. I am trying to have the user's data only available through his account without creating a new share for every single user manually. Any help with this would be greatly appreciated!
> >>>
> >>> Ryan
> >>
> >> Like Windows Sharing, Samba sharing also requires appropriate local permissions; in other words, if you make each user's profile directory owned to that local user, and remove group/everyone access (chmod 700), you should get exactly what you want.
> >>
> >> - Mark Shields
>

Wouldn't that allow users to still access other files on the share from a UNIX system or other machine not bound to the domain?
Re: [Samba] Roaming Profiles Configuration
If you are talking about samba4!? just use the microsoft ads tools to give the user rights according to your needs.
Or look for http://www.resara.org

Good luck
Daniel

On Mon, 28 Mar 2011 17:18:04 -0400, Ryan Leimenstoll wrote:
> Now, I cannot access the share at all, I'd imagine because my samba4 users are not local users, but are stored in the Samba4 "Active Directory" database. Is there any way I can have Samba4 let each Samba user have his own files not viewable by others on a share? Thus
>
> On Sun, Mar 27, 2011 at 2:55 PM, Mark Shields wrote:
>
>> On Sun, Mar 27, 2011 at 12:21 PM, Ryan Leimenstoll wrote:
>>
>>> Hello all! I am new to the mailing lists, as well as Samba. I was looking for an Active Directory alternative for linux, and finally landed on Samba4. My installation is alpha12, installed via apt on Ubuntu 10.10. I am trying to create roaming profiles, however, if "path = /UserData" then the profiles are viewable from every user account by simply accessing "example.samdom.com/profiles" My next thought (given research I saw on Samba3) was to set it to "path = /UserData/%U", however then clients cannot connect to the profiles share at all. I am trying to have the user's data only available through his account without creating a new share for every single user manually. Any help with this would be greatly appreciated!
>>>
>>> Ryan
>>
>> Like Windows Sharing, Samba sharing also requires appropriate local permissions; in other words, if you make each user's profile directory owned to that local user, and remove group/everyone access (chmod 700), you should get exactly what you want.
>>
>> - Mark Shields
Re: [Samba] Roaming Profiles Configuration
Now, I cannot access the share at all, I'd imagine because my samba4 users are not local users, but are stored in the Samba4 "Active Directory" database. Is there anyway I can have Samba4 let each Samba user have his own files not viewable by others on a share? Thus

On Sun, Mar 27, 2011 at 2:55 PM, Mark Shields wrote:

> On Sun, Mar 27, 2011 at 12:21 PM, Ryan Leimenstoll wrote:
>
>> Hello all! I am new to the mailing lists, as well as Samba. I was looking
>> for an Active Directory alternative for linux, and finally landed on
>> Samba4. My installation is alpha12, installed via apt on Ubuntu 10.10. I
>> am trying to create roaming profiles, however, if "path = /UserData" then
>> the profiles are viewable from every user account by simple accessing
>> "example.samdom.com/profiles" My next thought (given research I saw on
>> Samba3) was to set it to "path = /UserData/%U", however then clients
>> cannot connect to the profiles share at all. I am trying to have the
>> user's data only available through his account without creating a new
>> share for every single user manually. Any help with this would be greatly
>> appreciated!
>>
>> Ryan
>
> Like Windows Sharing, Samba sharing also requires appropriate local
> permissions; in other words, if you make each user's profile directory
> owned to that local user, and remove group/everyone access (chmod 700),
> you should get exactly what you want.
>
> - Mark Shields
[Samba] Roaming Profiles Configuration
Hello all! I am new to the mailing lists, as well as Samba. I was looking for an Active Directory alternative for linux, and finally landed on Samba4. My installation is alpha12, installed via apt on Ubuntu 10.10. I am trying to create roaming profiles, however, if "path = /UserData" then the profiles are viewable from every user account by simple accessing "example.samdom.com/profiles" My next thought (given research I saw on Samba3) was to set it to "path = /UserData/%U", however then clients cannot connect to the profiles share at all. I am trying to have the user's data only available through his account without creating a new share for every single user manually. Any help with this would be greatly appreciated!

Ryan
Re: [Samba] Roaming profiles and delete files reappearing.
From: Andrea Venturoli
> What happens is:
> _ a laptop user disconnects from the network (so the local and server
>   profiles are fully synchronized);
> _ at home [s]he deletes some files;
> _ back in the office, he connects to the net and logons;
> _ Windows copies everything missing back from the net, so what [s]he
>   deleted is there again.

Almost same here, but on even older samba (3.0.28)...
Almost same because, while the deleted files are still present on the server, they do not get synced back to the client...
I also had an issue with the nvidia service bug prior to that...

JD
[Samba] Roaming profiles and delete files reappearing.
Hello.

I see a lot of people having this problem, but found no solution so far.

The setup: samba 3.0.37 on FreeBSD 7.3/i386 acting as PDC; a similar BDC (only amd64) and XP clients. Users have roaming profiles on the PDC.

What happens is:
_ a laptop user disconnects from the network (so the local and server profiles are fully synchronized);
_ at home [s]he deletes some files;
_ back in the office, he connects to the net and logons;
_ Windows copies everything missing back from the net, so what [s]he deleted is there again.

This happens on more than one client (although I cannot tell if it happens on all of them).

Considering other replies I've seen:
_ I already disabled offline caching on the profile's share;
_ I disabled Windows restore points;
_ I have no folder redirections;
_ the users only use their computer (they do not logon on different ones);
_ the clocks are synchronized;
_ the clients are updated to the latest SP.

No errors are logged in smbd.log or in Windows's Event Viewer or displayed at logon/logoff. From full_audit's log, I see that, at logon, Windows successfully reads any file that is in the server copy of the profile.

My guess is that the client does not do any date comparison to check which profile is newer, but I have no idea why.

Any help?

bye & Thanks
av.
Re: [Samba] samba roaming profiles not working
On Sun, 2010-09-19 at 23:11 -0400, Gary Dale wrote:
> On 19/09/10 07:55 PM, Philippe LeCavalier wrote:
> > Gary,
> >
> > On Fri, 2010-09-17 at 14:21 -0400, Gary Dale wrote:
> >
> > > I've been at this for hours now and am still not getting it to work.
> > > I've been through the lists trying to find an answer and so far as I can
> > > tell, everything is configured OK. Obviously it's not, but I'm stuck.
> > >
> > > I recently installed Squeeze on my home server, overwriting a Lenny
> > > installation. I've been able to add my NT (Windows XP/Pro) domain
> > > accounts back in and pdbedit shows the expected values - e.g.:
> > >
> > > r...@whenim64:/home/samba/profiles# pdbedit -Lv garydale
> > > Unix username: garydale
> > > NT username:
> > > Account Flags: [U ]
> > > User SID: S-1-5-21-832165970-4128531365-4003982369-1002
> > > Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
> > > Full Name: Gary Dale
> > > Home Directory: \\whenim64\home\garydale
> > > HomeDir Drive: m:
> > > Logon Script:
> > > Profile Path: \\whenim64\home\samba\profiles\garydale
> > > Domain: RAHIM-DALE
> > > Account desc:
> > > Workstations:
> > > Munged dial:
> > > Logon time: 0
> > > Logoff time: 9223372036854775807 seconds since the Epoch
> > > Kickoff time: 9223372036854775807 seconds since the Epoch
> > > Password last set: Wed, 15 Sep 2010 14:05:50 EDT
> > > Password can change: Wed, 15 Sep 2010 14:05:50 EDT
> > > Password must change: never
> > > Last bad password : 0
> > > Bad password count : 0
> > > Logon hours : FF
> >
> > ^What's this?^
>
> That's the pdbedit output from the command at the start of the section

Gotcha.

> > > However, although I can log on, I can't get the roaming profiles
> > > working. I get the "windows cannot locate the server copy of your
> > > roaming profile" message. Since my Unix account names/numbers are the
> > > same and the profiles are in the previously working /home folder that
> > > didn't get touched, I can't see how it's a permissions problem.
> > > Nonetheless, I removed an old profile which should have let Windows
> > > create a new one. It didn't. I still got the same error.
> > >
> > > I did have to reinstate the groupmaps (don't know why the samba install
> > > doesn't do this) but they seem OK.
> > >
> > > r...@whenim64:/home/samba/profiles# net groupmap list
> > > Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins
> > > Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users
> > > Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) -> nogroup
> > > Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) -> machines
> > >
> > > My smb.conf tests OK with testparm. SWAT reports all the daemons are
> > > running. I can map shares (with read/write) without needing extra
> > > authentication.
> > >
> > > My smb.conf (minus the shares & printers) is:
> >
> > [...]
> >
> > > logon path = \\%N\home\samba\profiles\%U
> >
> > In 'man smb.conf'
> >
> > Windows clients can sometimes maintain a connection to the [homes]
> > share, even though there is no user logged in. Therefore, it is
> > vital that the logon path does not include a reference to the homes
> > share (i.e. setting this parameter to \\%N\homes\profile_path will
> > cause problems). [...] If you want profiles stored in the home dir
> > use the default setting ie \\%N\%U\Profile
> >
> > > [Profiles]
> > > profile acls = yes
> > > create mode = 0600
> > > directory mode = 0700
> > > path = /home/samba/profiles
> >
> > Set this to \\%N\%U\Profile OR edit [global] to reflect this.
> > Either way, it needs to be identical and fall within an allowable
> > setting.
> >
> > May I also add that in my opinion you've gone a little overboard
> > with the settings in [global] I've been using Samba as a DC for many
> > years and have never needed to change so many settings. I would
> > suggest starting with defaults and editing as needed...Just a
> > thought.
> >
> > Cheers, Phil
>
> Actually the [global] settings are pretty much the defaults. Possibly
> it's a Debian thing or the way SWAT leaves it. I added the add machine
> script and changed the logon path.

Didn't consider SWAT. You're right, SWAT does add a lot.

> It turned out you were right about the duplication of the path between
> logon path and the profiles share. Removing the duplicated path from the
> logon path fixed it. I knew it was something stupid that I was missing. :)
>
> Thanks.

You're welcome.

Phil
Re: [Samba] samba roaming profiles not working
On 19/09/10 07:55 PM, Philippe LeCavalier wrote:

Gary,

On Fri, 2010-09-17 at 14:21 -0400, Gary Dale wrote:
> I've been at this for hours now and am still not getting it to work.
> I've been through the lists trying to find an answer and so far as I can
> tell, everything is configured OK. Obviously it's not, but I'm stuck.
>
> I recently installed Squeeze on my home server, overwriting a Lenny
> installation. I've been able to add my NT (Windows XP/Pro) domain
> accounts back in and pdbedit shows the expected values - e.g.:
>
> r...@whenim64:/home/samba/profiles# pdbedit -Lv garydale
> Unix username: garydale
> NT username:
> Account Flags: [U ]
> User SID: S-1-5-21-832165970-4128531365-4003982369-1002
> Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
> Full Name: Gary Dale
> Home Directory: \\whenim64\home\garydale
> HomeDir Drive: m:
> Logon Script:
> Profile Path: \\whenim64\home\samba\profiles\garydale
> Domain: RAHIM-DALE
> Account desc:
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: 9223372036854775807 seconds since the Epoch
> Kickoff time: 9223372036854775807 seconds since the Epoch
> Password last set: Wed, 15 Sep 2010 14:05:50 EDT
> Password can change: Wed, 15 Sep 2010 14:05:50 EDT
> Password must change: never
> Last bad password : 0
> Bad password count : 0
> Logon hours : FF

^What's this?^

That's the pdbedit output from the command at the start of the section

> However, although I can log on, I can't get the roaming profiles
> working. I get the "windows cannot locate the server copy of your
> roaming profile" message. Since my Unix account names/numbers are the
> same and the profiles are in the previously working /home folder that
> didn't get touched, I can't see how it's a permissions problem.
> Nonetheless, I removed an old profile which should have let Windows
> create a new one. It didn't. I still got the same error.
>
> I did have to reinstate the groupmaps (don't know why the samba install
> doesn't do this) but they seem OK.
>
> r...@whenim64:/home/samba/profiles# net groupmap list
> Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins
> Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users
> Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) -> nogroup
> Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) -> machines
>
> My smb.conf tests OK with testparm. SWAT reports all the daemons are
> running. I can map shares (with read/write) without needing extra
> authentication.
>
> My smb.conf (minus the shares & printers) is:

[...]

> logon path = \\%N\home\samba\profiles\%U

In 'man smb.conf'

Windows clients can sometimes maintain a connection to the [homes] share, even though there is no user logged in. Therefore, it is vital that the logon path does not include a reference to the homes share (i.e. setting this parameter to \\%N\homes\profile_path will cause problems). [...] If you want profiles stored in the home dir use the default setting ie \\%N\%U\Profile

> [Profiles]
> profile acls = yes
> create mode = 0600
> directory mode = 0700
> path = /home/samba/profiles

Set this to \\%N\%U\Profile OR edit [global] to reflect this. Either way, it needs to be identical and fall within an allowable setting.

May I also add that in my opinion you've gone a little overboard with the settings in [global] I've been using Samba as a DC for many years and have never needed to change so many settings. I would suggest starting with defaults and editing as needed...Just a thought.

Cheers, Phil

Actually the [global] settings are pretty much the defaults. Possibly it's a Debian thing or the way SWAT leaves it. I added the add machine script and changed the logon path.

It turned out you were right about the duplication of the path between logon path and the profiles share. Removing the duplicated path from the logon path fixed it. I knew it was something stupid that I was missing. :)

Thanks.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
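A lint for the mistake resolved in this thread, as an added example (not code from the posters or from the Samba project): it checks that the share component of "logon path" names a defined share rather than spelling out that share's filesystem path, and that it does not point at [homes], per the man page text quoted above. The guest-access check is an extra hardening check not raised in the thread; the function names are hypothetical and the sample config is abridged from the original post.

```python
import re

# Abridged from the smb.conf in the original post (constructed sample input).
SAMPLE_SMB_CONF = r"""
[global]
    workgroup = RAHIM-DALE
    logon path = \\%N\home\samba\profiles\%U
    logon home = \\%N\home\%U
    domain logons = Yes

[netlogon]
    path = /home/samba/netlogon
    guest ok = Yes

[Profiles]
    profile acls = yes
    create mode = 0600
    directory mode = 0700
    path = /home/samba/profiles
    read only = no
    guest ok = yes

[homes]
    valid users = %S
    browseable = No
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names normalised."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and spaces inside parameter names.
            current["".join(key.lower().split())] = value.strip()
    return sections


def lint_logon_path(text):
    """Return a list of (code, message) findings for [global] logon path."""
    conf = parse_smb_conf(text)
    unc = conf.get("global", {}).get("logonpath")
    if unc is None:
        return []
    parts = [p for p in unc.split("\\") if p]
    if not unc.startswith("\\\\") or len(parts) < 2:
        return [("bad-unc", "logon path is not \\\\server\\share[\\dir]: " + unc)]
    server, components = parts[0], parts[1:]
    share = components[0].lower()
    shares = {name: params for name, params in conf.items() if name != "global"}
    findings, target = [], share if share in shares else None

    if share == "homes":
        findings.append(("homes-in-logon-path",
                         "logon path must not reference the [homes] share"))
    elif share not in shares:
        findings.append(("unknown-share",
                         "no [%s] share is defined" % components[0]))

    # Does the UNC spell out a share's filesystem path instead of its name?
    lowered = [c.lower() for c in components]
    for name, params in shares.items():
        fs = [p.lower() for p in params.get("path", "").split("/") if p]
        if fs and lowered[:len(fs)] == fs:
            fixed = "\\".join(["\\\\" + server, name] + components[len(fs):])
            findings.append(("fs-path-in-unc",
                             "logon path repeats path of [%s]; use %s" % (name, fixed)))
            target = name

    # Added hardening check (not raised in the thread): guest access to profiles.
    if target and shares[target].get("guestok", "no").lower() in ("yes", "true", "1"):
        findings.append(("guest-ok-on-profile-share",
                         "[%s] has guest ok = yes" % target))
    return findings


if __name__ == "__main__":
    for code, message in lint_logon_path(SAMPLE_SMB_CONF):
        print(code + ": " + message)
```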
Re: [Samba] samba roaming profiles not working
Gary,

On Fri, 2010-09-17 at 14:21 -0400, Gary Dale wrote:
> I've been at this for hours now and am still not getting it to work.
> I've been through the lists trying to find an answer and so far as I can
> tell, everything is configured OK. Obviously it's not, but I'm stuck.
>
> I recently installed Squeeze on my home server, overwriting a Lenny
> installation. I've been able to add my NT (Windows XP/Pro) domain
> accounts back in and pdbedit shows the expected values - e.g.:
>
> r...@whenim64:/home/samba/profiles# pdbedit -Lv garydale
> Unix username: garydale
> NT username:
> Account Flags: [U ]
> User SID: S-1-5-21-832165970-4128531365-4003982369-1002
> Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
> Full Name: Gary Dale
> Home Directory: \\whenim64\home\garydale
> HomeDir Drive: m:
> Logon Script:
> Profile Path: \\whenim64\home\samba\profiles\garydale
> Domain: RAHIM-DALE
> Account desc:
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: 9223372036854775807 seconds since the Epoch
> Kickoff time: 9223372036854775807 seconds since the Epoch
> Password last set: Wed, 15 Sep 2010 14:05:50 EDT
> Password can change: Wed, 15 Sep 2010 14:05:50 EDT
> Password must change: never
> Last bad password : 0
> Bad password count : 0
> Logon hours : FF

^What's this?^

> However, although I can log on, I can't get the roaming profiles
> working. I get the "windows cannot locate the server copy of your
> roaming profile" message. Since my Unix account names/numbers are the
> same and the profiles are in the previously working /home folder that
> didn't get touched, I can't see how it's a permissions problem.
> Nonetheless, I removed an old profile which should have let Windows
> create a new one. It didn't. I still got the same error.
>
> I did have to reinstate the groupmaps (don't know why the samba install
> doesn't do this) but they seem OK.
>
> r...@whenim64:/home/samba/profiles# net groupmap list
> Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins
> Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users
> Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) -> nogroup
> Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) -> machines
>
> My smb.conf tests OK with testparm. SWAT reports all the daemons are
> running. I can map shares (with read/write) without needing extra
> authentication.
>
> My smb.conf (minus the shares & printers) is:

[...]

> logon path = \\%N\home\samba\profiles\%U

In 'man smb.conf'

Windows clients can sometimes maintain a connection to the [homes] share, even though there is no user logged in. Therefore, it is vital that the logon path does not include a reference to the homes share (i.e. setting this parameter to \\%N\homes\profile_path will cause problems). [...] If you want profiles stored in the home dir use the default setting ie \\%N\%U\Profile

> [Profiles]
> profile acls = yes
> create mode = 0600
> directory mode = 0700
> path = /home/samba/profiles

Set this to \\%N\%U\Profile OR edit [global] to reflect this. Either way, it needs to be identical and fall within an allowable setting.

May I also add that in my opinion you've gone a little overboard with the settings in [global] I've been using Samba as a DC for many years and have never needed to change so many settings. I would suggest starting with defaults and editing as needed...Just a thought.

Cheers, Phil
[Samba] samba roaming profiles not working
I've been at this for hours now and am still not getting it to work. I've been through the lists trying to find an answer and so far as I can tell, everything is configured OK. Obviously it's not, but I'm stuck.

I recently installed Squeeze on my home server, overwriting a Lenny installation. I've been able to add my NT (Windows XP/Pro) domain accounts back in and pdbedit shows the expected values - e.g.:

    r...@whenim64:/home/samba/profiles# pdbedit -Lv garydale
    Unix username: garydale
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-832165970-4128531365-4003982369-1002
    Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
    Full Name: Gary Dale
    Home Directory: \\whenim64\home\garydale
    HomeDir Drive: m:
    Logon Script:
    Profile Path: \\whenim64\home\samba\profiles\garydale
    Domain: RAHIM-DALE
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: 9223372036854775807 seconds since the Epoch
    Kickoff time: 9223372036854775807 seconds since the Epoch
    Password last set: Wed, 15 Sep 2010 14:05:50 EDT
    Password can change: Wed, 15 Sep 2010 14:05:50 EDT
    Password must change: never
    Last bad password : 0
    Bad password count : 0
    Logon hours : FF

However, although I can log on, I can't get the roaming profiles working. I get the "windows cannot locate the server copy of your roaming profile" message. Since my Unix account names/numbers are the same and the profiles are in the previously working /home folder that didn't get touched, I can't see how it's a permissions problem. Nonetheless, I removed an old profile which should have let Windows create a new one. It didn't. I still got the same error.

I did have to reinstate the groupmaps (don't know why the samba install doesn't do this) but they seem OK.

    r...@whenim64:/home/samba/profiles# net groupmap list
    Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins
    Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users
    Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) -> nogroup
    Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) -> machines

My smb.conf tests OK with testparm. SWAT reports all the daemons are running. I can map shares (with read/write) without needing extra authentication.

My smb.conf (minus the shares & printers) is:

    [global]
    workgroup = RAHIM-DALE
    server string = %h server
    obey pam restrictions = Yes
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword$
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    add machine script = /usr/sbin/useradd -d /var/lib/nobody -g machines -$
    logon path = \\%N\home\samba\profiles\%U
    logon drive = m:
    logon home = \\%N\home\%U
    domain logons = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    panic action = /usr/share/samba/panic-action %d

    [netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    guest ok = Yes
    browseable = No
    browsable = No

    [Profiles]
    profile acls = yes
    create mode = 0600
    directory mode = 0700
    path = /home/samba/profiles
    read only = no
    browseable = no
    writeable = yes
    guest ok = yes

    [homes]
    comment = Home Directories
    valid users = %S
    create mask = 0700
    directory mask = 0700
    browseable = No
    browsable = No

Any ideas?
Re: [Samba] Roaming profiles, linux client...
On 11/08/10 21:17, Donny Brooks wrote:

I know this may be a hairbrained idea, and I may be totally off base here. If so please let me know. But I was wondering how to have roaming profiles similar to xp and vista/7 on a linux client pc. Say I am at one desk with xp (or vista/7) and I want to login as myself on a linux desktop (say ubuntu or similar) but want to keep all the access to my same browser data and such. How would one go about configuring the Samba PDC to do that? Or is it even possible?

Mount your local home directory to a share on the server at login.

--
Andrew Porter
Tel: 07766 667788
[Samba] Roaming profiles, linux client...
I know this may be a hairbrained idea, and I may be totally off base here. If so please let me know. But I was wondering how to have roaming profiles similar to xp and vista/7 on a linux client pc. Say I am at one desk with xp (or vista/7) and I want to login as myself on a linux desktop (say ubuntu or similar) but want to keep all the access to my same browser data and such. How would one go about configuring the Samba PDC to do that? Or is it even possible?

--
Donny B.
Re: [Samba] Roaming profiles shared between WinXP and Win7
John Doe wrote:

From: German Molano

Hi there I am setting up a PDC with Centos 5 + Samba 3.5.4 + Openldap with Roaming profiles using kixstart tools to mount shared folder and modifying some registry entries on windows workstations, The Roaming profiles works fine between Win2000 and WinXP. but when I tried to join a Win7 or Vista workstations i get mixed errors. Sometimes the profiles loads sometimes not, or loads badly misconfigured icons, etc.

I think you need a [Profiles.V2] section...

Ok I also follow that path but sometimes the profiles get created in profiles share. with adding a ".V2" to the user profile folder, but it doesn't solve the main issue to have the Desktop and My Documents stable whatever the platform you log in.

I also think that, starting with Vista, profiles directories/files are different, so I do not think a symlink is a good idea...

JD
Re: [Samba] Roaming profiles shared between WinXP and Win7
From: German Molano
> Hi there I am setting up a PDC with Centos 5 + Samba 3.5.4 + Openldap with
> Roaming profiles using kixstart tools to mount shared folder and modifying
> some registry entries on windows workstations,
> The Roaming profiles works fine between Win2000 and WinXP. but when I tried
> to join a Win7 or Vista workstations i get mixed errors. Sometimes the
> profiles loads sometimes not, or loads badly misconfigured icons, etc.

I think you need a [Profiles.V2] section...
I also think that, starting with Vista, profiles directories/files are different, so I do not think a symlink is a good idea...

JD
[Samba] Roaming profiles shared between WinXP and Win7
Hi there I am setting up a PDC with Centos 5 + Samba 3.5.4 + Openldap with Roaming profiles using kixstart tools to mount shared folder and modifying some registry entries on windows workstations. The Roaming profiles works fine between Win2000 and WinXP, but when I tried to join a Win7 or Vista workstations I get mixed errors. Sometimes the profiles loads sometimes not, or loads badly misconfigured icons, etc.

This is my config:

    [homes]
    root preexec = /root/bin/auto-create-home-samba.sh %u
    comment = Home Directories
    valid users = %u
    read only = No
    browseable = No

-- auto-create-home-samba.sh --
    #!/bin/bash
    # Create the user's home directory on first connect (%u arrives as $1).
    if [ ! -e "/home/$1" ]; then
        mkdir "/home/$1"
        chown "$1":"Domain Users" "/home/$1"
        chmod 700 "/home/$1"
    fi
    exit 0
-- auto-create-home-samba.sh --

    [profiles]
    root preexec = /root/bin/samba-profile-fix.sh %u
    comment = Network Profiles Share
    path = /var/lib/samba/profiles
    read only = No
    profile acls = Yes
    create mode = 0600
    directory mode = 0700
    writable = yes
    browseable = No
    store dos attributes = Yes

-- samba-profile-fix.sh --
    #!/bin/bash
    # Link <user>.V2 (the Vista/Win7 profile name) to the XP profile directory,
    # creating that directory first-time with owner-only access.
    if [ ! -e "/var/lib/samba/profiles/$1.V2" ]; then
        ln -s "/var/lib/samba/profiles/$1" "/var/lib/samba/profiles/$1.V2"
        if [ ! -e "/var/lib/samba/profiles/$1" ]; then
            mkdir "/var/lib/samba/profiles/$1"
            chown -R "$1":"Domain Users" "/var/lib/samba/profiles/$1"
            setfacl -d -m "u:$1:rwx" "/var/lib/samba/profiles/$1"
            chmod 700 "/var/lib/samba/profiles/$1"
        fi
    fi
    exit 0
-- samba-profile-fix.sh --

    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    locking = No
    write list = admin, Administrador

-- logon.kix --
    BREAK OFF
    $ = SETTITLE("Domain Login")
    BIG
    COLOR G/N
    ?...@domain
    ?
    SMALL
    COLOR W/N
    ?...@time " - " @WKSTA " - " @USERID
    ?"Do not close this window, it will automatically close"
    ?
    SetTime "\\PDC"
    USE Z: "\\PDC\GENERAL"
    USE P: "\\PDC\PUBLIO)"
    $AutoUpdateServer = "http://192.168.0.3/selfupdate";
    WriteValue("HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager", "DllName", "%SystemRoot%\Resources\themes\Windows Classic.theme","REG_SZ")
    WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", "Personal", "%USERPROFILE%\Mis documentos", "REG_EXPAND_SZ")
    WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", "Desktop", "%USERPROFILE%\Escritorio", "REG_EXPAND_SZ")
    WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", "Favorites", "%USERPROFILE%\Favoritos", "REG_EXPAND_SZ")
    ExistKey("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsUpdate")
    If @ERROR <> 0
        AddKey("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsUpdate")
    EndIf
    ExistKey("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsUpdate")
    If $AutoUpdateServer<>""
        If @ERROR <> 0
            WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate", "WUServer",$AutoUpdateServer,"REG_SZ")
            WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate", "WUStatusServer",$AutoUpdateServer,"REG_SZ")
        EndIf
    EndIf
--logon.kix--

The question is how I can maintain the Windows configuration folders between Windows OSes without messing around too much with the Windows registry? Is it possible to detect which platform logs in and make it store some config files like NTUSER.dat and others in some specified location inside the profile so it doesn't overlap between platforms?

Thanks for your help
German
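An audit of a profile root for the conditions discussed in the threads above, as an added example (not code from any poster or from Samba): it reports profile directories that are not owner-only (the chmod 700 Mark Shields advises), directories not owned by the user they are named after, and symlinked entries such as the .V2 link created by samba-profile-fix.sh, which JD advises against. It assumes Unix account names equal profile directory names, as the posted chown does; the function names and the demo tree are constructed.

```python
import os
import pwd
import stat
import tempfile


def owner_name(uid):
    """Map a uid to an account name; fall back to the number if unmapped."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_profile_root(root):
    """Return (entry, problem) pairs for every entry directly under root."""
    findings = []
    for entry in sorted(os.listdir(root)):
        path = os.path.join(root, entry)
        st = os.lstat(path)  # lstat so a symlink is reported, not followed
        if stat.S_ISLNK(st.st_mode):
            findings.append((entry, "symlink to " + os.readlink(path)))
            continue
        if not stat.S_ISDIR(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            findings.append((entry, "mode %04o grants group/other access" % mode))
        # Vista and later append .V2 to the profile directory name.
        expected = entry[:-3] if entry.endswith(".V2") else entry
        actual = owner_name(st.st_uid)
        if actual.lower() != expected.lower():
            findings.append((entry, "owned by %s, expected %s" % (actual, expected)))
    return findings


def build_demo_tree(root):
    """Constructed sample: one good profile, one loose one, one .V2 symlink."""
    me = owner_name(os.getuid())
    good = os.path.join(root, me)
    loose = os.path.join(root, "not-" + me)
    for path, mode in ((good, 0o700), (loose, 0o755)):
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod: mkdir's mode is cut by umask
    os.symlink(good, good + ".V2")
    return me


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        for entry, problem in audit_profile_root(demo_root):
            print(entry + ": " + problem)
```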
Re: [Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID.....
Thanks John,

I will give that a try today.

Dan

On Wed, 2010-01-27 at 21:27 -0600, John H Terpstra wrote:
> On 01/27/2010 08:29 PM, Daniel R. Gore wrote:
> > Because of the extremely restrictive security environment we work under,
> > our Windows Admins have disabled the administrator account on our Domain
> > and created a new account with administrator rights. The result is that
> > the common RID of 500 which maps to the Linux UID and GID of 500 is no
> > longer valid. This means that when the Windows Domain controller, via
> > the Domain Administrator (which has another name and RID) tries to make
> > an account on the samba share where the profiles are intended for, it
> > fails because Samba expects this to come from the well known RID of
> > 500.
> >
> > Is there any way to specify in Samba what RID number to expect and use
> > for Domain Administration management?
> >
> > Thanks.
> >
> > Dan
>
> Dan,
>
> You can assign suitable rights and privileges using the "net" utility as
> follows:
>
> net rpc grant rights "DOMAIN\Group Name" SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege
> SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege
> SeDiskOperatorPrivilege -Uadministrator%password
>
> When correctly processed for domain group "Whatchamacallit" you will get
> something that looks like this:
>
> net rpc rights list accounts -Uwinadmin%n3v3rgessit
> BUILTIN\Print Operators
> No privileges assigned
>
> BUILTIN\Account Operators
> No privileges assigned
>
> BUILTIN\Backup Operators
> No privileges assigned
>
> BUILTIN\Server Operators
> No privileges assigned
>
> BUILTIN\Administrators
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
>
> Everyone
> No privileges assigned
> URDOMAIN\Whatchamacallit
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
>
>
> Yell if you need more help.
>
> Cheers,
> John T.
Re: [Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID.....
I just tried that on my network. I think the correct command is "net rpc rights grant"

Which seemed to work on the DC

But although getent and wbinfo work, I didn't get any of the domain users with this command. Shouldn't they be listed?

John H Terpstra wrote:
> On 01/27/2010 08:29 PM, Daniel R. Gore wrote:
> > Because of the extremely restrictive security environment we work under, our Windows Admins have disabled the administrator account on our Domain and created a new account with administrator rights. The result is that the common RID of 500 which maps to the Linux UID and GID of 500 is no longer valid. This means that when the Windows Domain controller, via the Domain Administrator (which has another name and RID) tries to make an account on the samba share where the profiles are intended for, it fails because Samba expects this to come from the well known RID of 500.
> >
> > Is there any way to specify in Samba what RID number to expect and use for Domain Administration management?
> >
> > Thanks.
> >
> > Dan
>
> Dan,
>
> You can assign suitable rights and privileges using the "net" utility as follows:
>
> net rpc grant rights "DOMAIN\Group Name" SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -Uadministrator%password
>
> When correctly processed for domain group "Whatchamacallit" you will get something that looks like this:
>
> net rpc rights list accounts -Uwinadmin%n3v3rgessit
> BUILTIN\Print Operators
> No privileges assigned
>
> BUILTIN\Account Operators
> No privileges assigned
>
> BUILTIN\Backup Operators
> No privileges assigned
>
> BUILTIN\Server Operators
> No privileges assigned
>
> BUILTIN\Administrators
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
>
> Everyone
> No privileges assigned
> URDOMAIN\Whatchamacallit
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
>
> Yell if you need more help.
>
> Cheers,
> John T.

--
Robert Steinmetz, AIA
Principal
Steinmetz & Associates
Re: [Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID.....
On 01/27/2010 08:29 PM, Daniel R. Gore wrote:
> Because of the extremely restrictive security environment we work under,
> our Windows Admins have disabled the administrator account on our Domain
> and created a new account with administrator rights. The result is that
> the common RID of 500 which maps to the Linux UID and GID of 500 is no
> longer valid. This means that when the Windows Domain controller, via
> the Domain Administrator (which has another name and RID) tries to make
> an account on the samba share where the profiles are intended for, it
> fails because Samba expects this to come from the well known RID of
> 500.
>
> Is there any way to specify in Samba what RID number to expect and use
> for Domain Administration management?
>
> Thanks.
>
> Dan

Dan,

You can assign suitable rights and privileges using the "net" utility as follows:

net rpc grant rights "DOMAIN\Group Name" SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -Uadministrator%password

When correctly processed for domain group "Whatchamacallit" you will get something that looks like this:

net rpc rights list accounts -Uwinadmin%n3v3rgessit
BUILTIN\Print Operators
No privileges assigned

BUILTIN\Account Operators
No privileges assigned

BUILTIN\Backup Operators
No privileges assigned

BUILTIN\Server Operators
No privileges assigned

BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege

Everyone
No privileges assigned
URDOMAIN\Whatchamacallit
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege

Yell if you need more help.

Cheers,
John T.
[Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID.....
Because of the extremely restrictive security environment we work under, our Windows Admins have disabled the administrator account on our Domain and created a new account with administrator rights. The result is that the common RID of 500 which maps to the Linux UID and GID of 500 is no longer valid. This means that when the Windows Domain controller, via the Domain Administrator (which has another name and RID) tries to make an account on the samba share where the profiles are intended for, it fails because Samba expects this to come from the well known RID of 500.

Is there any way to specify in Samba what RID number to expect and use for Domain Administration management?

Thanks.

Dan
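The `net rpc rights list accounts` listing quoted in the replies above can be checked mechanically after a grant, to see which accounts ended up holding privileges. This is an added example, not code from any poster or from the Samba project; the function names and the allow-list are assumptions, and the sample text is copied from the listing in the thread.

```python
"""Parse `net rpc rights list accounts` output and report privilege holders."""

# Listing as quoted in the thread, including the missing blank line
# between the "Everyone" block and the domain group that follows it.
SAMPLE = r"""
BUILTIN\Print Operators
No privileges assigned

BUILTIN\Account Operators
No privileges assigned

BUILTIN\Backup Operators
No privileges assigned

BUILTIN\Server Operators
No privileges assigned

BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege

Everyone
No privileges assigned
URDOMAIN\Whatchamacallit
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
"""


def is_privilege(line):
    """Privilege names in the listing look like SeSomethingPrivilege."""
    return line.startswith("Se") and line.endswith("Privilege") and " " not in line


def parse_rights_listing(text):
    """Return {account: [privileges]} in the order the listing gives them."""
    rights, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "No privileges assigned":
            continue
        if is_privilege(line):
            if current is None:
                raise ValueError("privilege %r appears before any account" % line)
            rights[current].append(line)
        else:
            # Any other line starts a new account block, so a missing blank
            # separator does not merge two accounts into one.
            current = line
            rights.setdefault(current, [])
    return rights


def unexpected_holders(rights, allowed_accounts):
    """Accounts outside the allow-list (hypothetical policy) holding any privilege."""
    allowed = {name.lower() for name in allowed_accounts}  # names are case-insensitive
    return {acct: privs for acct, privs in rights.items()
            if privs and acct.lower() not in allowed}


if __name__ == "__main__":
    parsed = parse_rights_listing(SAMPLE)
    for account, privs in unexpected_holders(parsed, {r"BUILTIN\Administrators"}).items():
        print(account)
        for priv in privs:
            print("   ", priv)
```

Run against a saved listing before and after a grant, the difference between the two results is the set of accounts the grant actually changed.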
Re: [Samba] Roaming Profiles and Samba 3.4.x
Very strange - we do use Samba 3.4.3 and still have the force user = %U option in the [Profiles] section in combination with 700 rights on the users folder ... and this is working

regards

> I solved it...
>
> in smb.conf following parameter was configured:
> force user = %U
>
> when removing "force user" everything works fine. i don't know why it works w/ 3.0.x but not w/ 3.4.x but it's nice to have satisfied users again :)
>
> best
Re: [Samba] Roaming Profiles and Samba 3.4.x
I solved it...

in smb.conf following parameter was configured:
force user = %U

when removing "force user" everything works fine. i don't know why it works w/ 3.0.x but not w/ 3.4.x but it's nice to have satisfied users again :)

best

Alexander Födisch wrote:
> we still do not have a solution. are there any changes from samba 3.0.x to 3.4.x??? since upgrade to 3.4.3 it does not work anymore with permissions 0777.
> we need roaming profiles! but we can not roll back to version 3.0.x since we also need Windows 7 support.
>
> thanks for any help!
> Alex
>
> Adam Williams wrote:
> > not a fix, but permissions of 1777 would be slightly better.

--
Best Regards
Alexander Födisch
Max Planck Institute for Evolutionary Anthropology
-Central IT Department-
Deutscher Platz 6
D-04103 Leipzig
Phone: +49 (0)341 3550-168
       +49 (0)341 3550-154
Fax: +49 (0)341 3550-119
Email: foedi...@eva.mpg.de
Re: [Samba] Roaming Profiles and Samba 3.4.x
we still do not have a solution. are there any changes from samba 3.0.x to 3.4.x??? since upgrade to 3.4.3 it does not work anymore with permissions 0777.
we need roaming profiles! but we can not roll back to version 3.0.x since we also need Windows 7 support.

thanks for any help!
Alex

Adam Williams wrote:
> not a fix, but permissions of 1777 would be slightly better.
Re: [Samba] Roaming Profiles and Samba 3.4.x
not a fix, but permissions of 1777 would be slightly better.
[Samba] Roaming Profiles and Samba 3.4.x
Hi,

since we did an upgrade from samba 3.0.28 to samba 3.4.x we have trouble with roaming profiles. Currently we are running samba 3.4.3. When logging on, the profile folder on fileserver is created, but the user gets an error message:

Your roaming profile is not available. You are logged on with the locally stored profile. Changes to the profile will not be copied to the server. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Sambalog:

[2009/11/10 11:27:59, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user []\[]...@[] with the new password interface
[2009/11/10 11:27:59, 3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password: mapped user is: []\[]...@[]
[2009/11/10 11:27:59, 5] auth/auth_util.c:1517(fill_sam_account)
  fill_sam_account: located username was [\]
[2009/11/10 11:27:59, 3] auth/auth.c:271(check_ntlm_password)
  check_ntlm_password: winbind authentication for user [] succeeded
[...]
[2009/11/10 11:27:59, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user []...@[] with the new password interface
[2009/11/10 11:27:59, 3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password: mapped user is: []...@[]

snippet of the smb.conf file:

map untrusted to domain = yes
[...]
[profiles]
    comment =
    path = ""
    browseable = no
    force create mode = 0660
    force directory mode = 0770
    force group =
    force user = %U
    guest ok = yes
    nt acl support = yes
    inherit permissions = yes
    writeable = yes

The working solution at the moment: 0777 for all userprofiles. But that's not very nice...

Any ideas? Are there any changes of samba > 3.0.x, which I didn't pay attention to?

Thanks,
Alex
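The permission modes mentioned in this thread (0777 on the profile directories as a workaround, 1777 as "slightly better", 700 on each user's folder) can be checked on the file server itself. The script below is an added example, not code from any poster or from the Samba project; the function names, the `alice`/`bob` sample tree and the choice to flag every group/other bit are assumptions.

```python
"""Audit a roaming-profile tree for the permission patterns raised in this thread."""
import os
import stat
import tempfile

PRIVATE_MASK = 0o077  # group/other bits; a 0700 directory or 0600 file sets none


def audit_profiles_root(root):
    """Return [(path, mode, finding)] for the share root and each user's tree."""
    findings = []
    root_mode = stat.S_IMODE(os.lstat(root).st_mode)
    # With 0777 any account can delete or rename another user's profile
    # directory; the sticky bit (1777) limits that to the entry's owner.
    if root_mode & stat.S_IWOTH and not root_mode & stat.S_ISVTX:
        findings.append((root, root_mode, "world-writable root without sticky bit"))

    user_dirs = sorted(entry.path for entry in os.scandir(root)
                       if entry.is_dir(follow_symlinks=False))
    for user_dir in user_dirs:
        for dirpath, dirnames, filenames in os.walk(user_dir):
            dirnames.sort()  # deterministic report order
            files = [os.path.join(dirpath, name) for name in sorted(filenames)]
            for path in [dirpath] + files:
                st = os.lstat(path)
                if stat.S_ISLNK(st.st_mode):
                    continue  # a symlink's own mode bits carry no meaning here
                mode = stat.S_IMODE(st.st_mode)
                extra = mode & PRIVATE_MASK
                if extra:
                    findings.append((path, mode, "group/other bits set: %04o" % extra))
    return findings


def build_sample_tree(base):
    """Constructed sample: one private profile (alice) and one opened up (bob)."""
    root = os.path.join(base, "profiles")
    layout = {"alice": (0o700, 0o600), "bob": (0o777, 0o666)}
    os.mkdir(root)
    for user, (dir_mode, file_mode) in layout.items():
        user_dir = os.path.join(root, user)
        os.mkdir(user_dir)
        hive = os.path.join(user_dir, "NTUSER.DAT")
        with open(hive, "wb") as handle:
            handle.write(b"constructed placeholder")
        os.chmod(hive, file_mode)  # chmod explicitly: mkdir/open honour the umask
        os.chmod(user_dir, dir_mode)
    os.chmod(root, 0o777)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for path, mode, finding in audit_profiles_root(build_sample_tree(base)):
            print("%04o  %s  %s" % (mode, path, finding))
```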
Re: [Samba] roaming profiles
Wojciech Giel wrote:
> Gary Dale wrote:
> > The netlogon share is, AFAIK, used if you want to provide scripts to be run at logon. It's not essential for roaming profiles but it's also probably not large so there is no point in not having one. Corporate types love being able to control end users using netlogon scripts.
> >
> > Profiles are a copy of your Windows account profile that gets synched when you log on or off a Windows computer. The problem is, if you have lots of files in My Documents, it can get large and synching can take a long time.
> >
> > AFAIK there is no need for them both to be on the same machine but I've never tried doing it any other way. Not sure how to specify them on different machines. You can put your netlogon and profiles anywhere.
>
> But can I stay only with these entries in smb.conf
>
> [global]
> .
> logon script = scripts\logon.bat
> logon home = \\OXHILL\%U
> logon path = \\OXHILL\%U\.profiles
> logon drive = H:
>
> and get rid of [profile] share at all on pdc or member.

I'm not sure what the point would be. Scripts are small files so even across a slow connection, they will download quickly. The profiles, on the other hand, can be large and synching them is slow. Moreover, having a copy on a server eliminates the need to back up workstations (although if users have a lot of files in their profiles, the synching can be slow - try to get them to keep files on server shares). With the profiles stored on a server, you just need to backup the server.

> > The path you specify in your smb.conf above puts it in a hidden (.profile) directory in a user's Unix home folder. However, they may not have one.
>
> it is created automatically by scripts. But I only need to configure samba to work correctly in this layout.

If your users all have Unix accounts, but this is not necessary for Samba to work. However, it's no big deal to put the profiles elsewhere. Your choice.

> > I keep mine in /home/samba/netlogon and /home/samba/profiles/%U myself. You can still share that for each user but it keeps your /home directory smaller - only Unix accounts & samba show up directly in /home.
>
> thanks

Good luck!
[Samba] roaming profiles
Gary Dale wrote:
>The netlogon share is, AFAIK, used if you want to provide scripts to be
>run at logon. It's not essential for roaming profiles but it's also
>probably not large so there is no point in not having one. Corporate
>types love being able to control end users using netlogon scripts.

>Profiles are a copy of your Windows account profile that gets synched
>when you log on or off a Windows computer. The problem is, if you have
>lots of files in My Documents, it can get large and synching can take a
>long time.

>AFAIK there is no need for them both to be on the same machine but I've
>never tried doing it any other way. Not sure how to specify them on
>different machines. You can put your netlogon and profiles anywhere.

But can I stay only with these entries in smb.conf

[global]
.
logon script = scripts\logon.bat
logon home = \\OXHILL\%U
logon path = \\OXHILL\%U\.profiles
logon drive = H:

and get rid of [profile] share at all on pdc or member.

>The path you specify in your smb.conf above puts it in a hidden (.profile)
>directory in a user's Unix home folder. However, they may not have one.

it is created automatically by scripts. But I only need to configure samba to work correctly in this layout.

>I keep mine in
>/home/samba/netlogon and /home/samba/profiles/%U myself. You can still
>share that for each user but it keeps your /home directory smaller -
>only Unix accounts & samba show up directly in /home.

thanks
Re: [Samba] roaming profiles
Wojciech Giel wrote:
> Hi,
>
> I'm trying to configure Samba PDC/BDC with LDAP master/slave backend and file server as a Member server. PDC/BDC with ldap is working. But now I'm in the middle of configuring roaming profiles but I don't understand some issues.
>
> Samba PDC/BDC with ldap's is on ubuntu server whereas samba member server is on opensolaris with zfs based storage. Users' home directories will be on Samba Member server (OXHILL), and inside these directories will be roaming profiles directory and redirected folders.
>
> I don't understand the roaming profiles topic; could someone explain it in a simple way?
> As I understand on PDC in order to have roaming profiles I have to add
>
> [global]
> .
> logon script = scripts\logon.bat
> logon home = \\OXHILL\%U
> logon path = \\OXHILL\%U\.profiles
> logon drive = H:
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = no
> browsable = no
>
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> browseable = no
> read only = yes
> guest ok = yes
> locking = no
>
> [profile]
> comment = Profile Share
> path = /home/%U/.profiles
> read only = no
> profile acls = yes
>
> so home directory is on OXHILL and profile directory is inside that directory. But should netlogon share be on that machine too? What is this profile share for? Is it necessary if I have logon path?
>
> on Samba member (OXHILL)
>
> [homes]
> comment = Home Directories
> path = /home/%U
> read only = no
> browsable = no
> root preexec = /usr/bin/homecreate '%U'
>
> should I add profile and net logon share?
>
> Please somebody help me to understand the relationship between logon path and netlogon profiles, and how to do it correctly.
>
> thanks for any help

The netlogon share is, AFAIK, used if you want to provide scripts to be run at logon. It's not essential for roaming profiles but it's also probably not large so there is no point in not having one. Corporate types love being able to control end users using netlogon scripts.

Profiles are a copy of your Windows account profile that gets synched when you log on or off a Windows computer. The problem is, if you have lots of files in My Documents, it can get large and synching can take a long time.

AFAIK there is no need for them both to be on the same machine but I've never tried doing it any other way. Not sure how to specify them on different machines. You can put your netlogon and profiles anywhere.

The path you specify in your smb.conf above puts it in a hidden (.profile) directory in a user's Unix home folder. However, they may not have one. I keep mine in /home/samba/netlogon and /home/samba/profiles/%U myself. You can still share that for each user but it keeps your /home directory smaller - only Unix accounts & samba show up directly in /home.
[Samba] roaming profiles
Hi,

I'm trying to configure Samba PDC/BDC with LDAP master/slave backend and file server as a Member server. PDC/BDC with ldap is working. But now I'm in the middle of configuring roaming profiles but I don't understand some issues.

Samba PDC/BDC with ldap's is on ubuntu server whereas samba member server is on opensolaris with zfs based storage. Users' home directories will be on Samba Member server (OXHILL), and inside these directories will be roaming profiles directory and redirected folders.

I don't understand the roaming profiles topic; could someone explain it in a simple way?
As I understand on PDC in order to have roaming profiles I have to add

[global]
.
logon script = scripts\logon.bat
logon home = \\OXHILL\%U
logon path = \\OXHILL\%U\.profiles
logon drive = H:

[homes]
comment = Home Directories
valid users = %S
read only = no
browsable = no

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
browseable = no
read only = yes
guest ok = yes
locking = no

[profile]
comment = Profile Share
path = /home/%U/.profiles
read only = no
profile acls = yes

so home directory is on OXHILL and profile directory is inside that directory. But should netlogon share be on that machine too? What is this profile share for? Is it necessary if I have logon path?

on Samba member (OXHILL)

[homes]
comment = Home Directories
path = /home/%U
read only = no
browsable = no
root preexec = /usr/bin/homecreate '%U'

should I add profile and net logon share?

Please somebody help me to understand the relationship between logon path and netlogon profiles, and how to do it correctly.

thanks for any help
[Samba] roaming profiles problem
I'm having a weird problem with xp sp2 where when a user logs in instead of their 'my documents' folder they get a 'my documents' folder of a user that has logged in previously. I'm getting the Offline Files - Working offline You are no longer connected to DOMAIN alert. If I synchronize, and then immediately check my documents I see the correct 'my documents' of the user logged in. But then it switches back after an instant and the Offline Files alert pops up again. What's going on here? Any thoughts?

Thanks,
Peter
Re: [Samba] Roaming profiles
On Saturday 23 August 2008 06:04:50 Mugo Martin wrote:
> Let me ask this again though it seems off the point.
>
> Are we supposed to add more lines to the *smb.conf* file even though the
> distribution installed does come with them defined. Samba 3.0.x has at
> most 5 lines in the *profiles* section. No mask, force user, ..etc.
> Adding them does not break Samba and testparm outputs them, but do they add
> anything or you are better off looking for configuration problems
> elsewhere?

There is often the problem of the wisdom of the ages as against the wisdom of the sages. In other words, there are the opinions of the unwashed masses compared with the opinion of the experts.

In respect of Roaming Profiles (also called Roving Profiles by some) opinions are not hard to find - just google a bit and you will see what I mean.

Instead of offering yet another divergent opinion, let me offer two profile share stanzas from fully working sites.

Example 1:
----------
From my own Samba 3.2.2 server. This works perfectly fine. It has done since I wrote the Samba3-ByExample book.

[profiles]
    comment = Profile Share
    path = /data/samba/profiles
    read only = No
    profile acls = Yes

Example 2:
----------
This one is in use at a site that has 4200 users, all of them rather happy, except when one of our bugs causes a few of them a little pain. But so far as profile handling is concerned, the stanza definition has not ever caused them a problem.

So why the extra lines? Simple, they are required to assure absolute confidentiality of user data under various national laws. That is why, as a paranoia move, they added the masks and set browseable to No. The "store DOS attributes" parameter is not needed, but they will not change the stanza unless there is a compelling reason to do so. Since this works, there is no basis for change.

[profiles]
    comment = Network Profiles Service
    path = /var/lib/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    store dos attributes = Yes
    browseable = No

I hope this helps a few of you to see that the excited discussions regarding Samba profile share stanza definitions can be entirely over-rated.

When I update the HOWTO chapter on Windows system profile management I will simplify the content radically. Profiles are not rocket science - though from this mailing list one can be excused for thinking it is!

Cheers,
John T.

PS: The remainder of this email is left intact to preserve the whole story for the benefit of search engine users.

> Mike E, sorry I didn't get back at you over your question. Couldn't think
> of a solution and I'm very new to samba. Hope you got sorted though.
>
> Martin.
>
> On Fri, Aug 22, 2008 at 6:02 PM, L.P.H. van Belle <[EMAIL PROTECTED]> wrote:
> > First, read the man smb.conf
> > there you will see DEFAULT profile acls = no
> >
> > second if you setup your rights correctly, like
> > for example how i have it.
> > /home/samba/profiles ( 777)
> > and remember to set /home/samba at least 755 ( the last 5 is needed !! )
> >
> > autocreated by user at logoff /home/samba/profiles/USERNAME (700)
> > if a profile exist in test environment, logon, set everything in windows.
> > delete the profile from the server and logoff the profile is new
> > created again with correct rights.
> >
> > when used force user = %U
> > its always the user.
> > but don't forget !!
> >    create mask = 0600
> >    directory mask = 0700
> >
> > when profiles are setup this way its just how xp sp1 and higher
> > checks its rights. with this setup you don't have to change
> > any thing in xp policies for the profiles.
> >
> > this is how i have my profiles in smb.conf
> > [profiles]
> >    path = /home/samba/profiles
> >    comment = Profile enviroment.
> >    read only = no
> >    create mask = 0600
> >    directory mask = 0700
> >    browseable = Yes
> >    guest ok = Yes
> >    csc policy = disable
> >    force user = %U
> >    valid users = %U @"Domain Admins"
> >
> >
> > Sorry if i didn't reply your message, i didn't see that.
> >
> > Louis
> >
> > >-Original message-
> > >From: Charles Marcus [mailto:[EMAIL PROTECTED]
> > >Sent: Friday 22 August 2008 16:53
> > >To: L.P.H. van Belle
> > >CC: samba@lists.samba.org
> > >Subject: Re: [Samba] Roaming profiles
> > >
> > >On 8/22/2008, L.P.H. van Belle ([EMAIL PROTECTED]) wrote:
> > >> yes, turn off Profile acls,
> > >
> > >T
Re: [Samba] Roaming profiles
Let me ask this again though it seems off the point.

Are we supposed to add more lines to the *smb.conf* file even though the distribution installed does come with them defined. Samba 3.0.x has at most 5 lines in the *profiles* section. No mask, force user, ..etc. Adding them does not break Samba and testparm outputs them, but do they add anything or you are better off looking for configuration problems elsewhere?

Mike E, sorry I didn't get back at you over your question. Couldn't think of a solution and I'm very new to samba. Hope you got sorted though.

Martin.

On Fri, Aug 22, 2008 at 6:02 PM, L.P.H. van Belle <[EMAIL PROTECTED]> wrote:
> First, read the man smb.conf
> there you will see DEFAULT profile acls = no
>
> second if you setup your rights correctly, like
> for example how i have it.
> /home/samba/profiles ( 777)
> and remember to set /home/samba at least 755 ( the last 5 is needed !! )
>
> autocreated by user at logoff /home/samba/profiles/USERNAME (700)
> if a profile exist in test environment, logon, set everything in windows.
> delete the profile from the server and logoff the profile is new
> created again with correct rights.
>
> when used force user = %U
> its always the user.
> but don't forget !!
>    create mask = 0600
>    directory mask = 0700
>
> when profiles are setup this way its just how xp sp1 and higher
> checks its rights. with this setup you don't have to change
> any thing in xp policies for the profiles.
>
> this is how i have my profiles in smb.conf
> [profiles]
>    path = /home/samba/profiles
>    comment = Profile enviroment.
>    read only = no
>    create mask = 0600
>    directory mask = 0700
>    browseable = Yes
>    guest ok = Yes
>    csc policy = disable
>    force user = %U
>    valid users = %U @"Domain Admins"
>
>
> Sorry if i didn't reply your message, i didn't see that.
>
> Louis
>
> >-Original message-
> >From: Charles Marcus [mailto:[EMAIL PROTECTED]
> >Sent: Friday 22 August 2008 16:53
> >To: L.P.H. van Belle
> >CC: samba@lists.samba.org
> >Subject: Re: [Samba] Roaming profiles
> >
> >On 8/22/2008, L.P.H. van Belle ([EMAIL PROTECTED]) wrote:
> >> yes, turn off Profile acls,
> >
> >This is the second time you have said this, but never answered my
> >request for WHY would you suggest this, when the samba devs say it is
> >REQUIRED?
> >
> >Please, either provide an answer/rationale for why you are telling
> >someone to try something non-standard, or stop pulling things
> >out of the
> >air.
> >
> >--
> >
> >Best regards,
> >
> >Charles
RE: [Samba] Roaming profiles
First, read the man smb.conf
there you will see DEFAULT profile acls = no

second if you setup your rights correctly, like for example how i have it.
/home/samba/profiles ( 777)
and remember to set /home/samba at least 755 ( the last 5 is needed !! )

autocreated by user at logoff /home/samba/profiles/USERNAME (700)
if a profile exist in test environment, logon, set everything in windows. delete the profile from the server and logoff the profile is new created again with correct rights.

when used force user = %U
its always the user.
but don't forget !!
    create mask = 0600
    directory mask = 0700

when profiles are setup this way its just how xp sp1 and higher checks its rights. with this setup you don't have to change any thing in xp policies for the profiles.

this is how i have my profiles in smb.conf

[profiles]
    path = /home/samba/profiles
    comment = Profile enviroment.
    read only = no
    create mask = 0600
    directory mask = 0700
    browseable = Yes
    guest ok = Yes
    csc policy = disable
    force user = %U
    valid users = %U @"Domain Admins"

Sorry if i didn't reply your message, i didn't see that.

Louis

>-Original message-
>From: Charles Marcus [mailto:[EMAIL PROTECTED]
>Sent: Friday 22 August 2008 16:53
>To: L.P.H. van Belle
>CC: samba@lists.samba.org
>Subject: Re: [Samba] Roaming profiles
>
>On 8/22/2008, L.P.H. van Belle ([EMAIL PROTECTED]) wrote:
>> yes, turn off Profile acls,
>
>This is the second time you have said this, but never answered my
>request for WHY would you suggest this, when the samba devs say it is
>REQUIRED?
>
>Please, either provide an answer/rationale for why you are telling
>someone to try something non-standard, or stop pulling things
>out of the
>air.
>
>--
>
>Best regards,
>
>Charles
Re: [Samba] Roaming profiles
On 8/22/2008, L.P.H. van Belle ([EMAIL PROTECTED]) wrote:
> yes, turn off Profile acls,

This is the second time you have said this, but never answered my request for WHY would you suggest this, when the samba devs say it is REQUIRED?

Please, either provide an answer/rationale for why you are telling someone to try something non-standard, or stop pulling things out of the air.

--

Best regards,

Charles
RE: [Samba] Roaming profiles
yes, turn off Profile acls, and if that does not work try, enable the group policies for "Do not check for user ownership of Roaming Profile Folders" and "Add the Administrator security group to the roaming user profile share" policy using "Start" menu -> "Run", enter "gpedit.msc" -> under "Computer Configuration" -> "Administrative Templates" -> "System" -> "User Profiles" and enabling these two properties.

/snap from man smb.conf

profile acls (S)

This boolean parameter was added to fix the problems that people have been having with storing user profiles on Samba shares from Windows 2000 or Windows XP clients. New versions of Windows 2000 or Windows XP service packs do security ACL checking on the owner and ability to write of the profile directory stored on a local workstation when copied from a Samba share.

When not in domain mode with winbindd then the security info copied onto the local workstation has no meaning to the logged in user (SID) on that workstation so the profile storing fails. Adding this parameter onto a share used for profile storage changes two things about the returned Windows ACL. Firstly it changes the owner and group owner of all reported files and directories to be BUILTIN\Administrators, BUILTIN\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly it adds an ACE entry of "Full Control" to the SID BUILTIN\Users to every returned ACL. This will allow any Windows 2000 or XP workstation user to access the profile.

Note that if you have multiple users logging on to a workstation then in order to prevent them from being able to access each others profiles you must remove the "Bypass traverse checking" advanced user right. This will prevent access to other users profile directories as the top level profile directory (named after the user) is created by the workstation profile code and has an ACL restricting entry to the directory tree to the owning user.

===>>> Default: profile acls = no

Louis

>-Original message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On behalf of
>Mike Eggleston
>Sent: Friday 22 August 2008 16:19
>To: Mugo Martin
>CC: samba@lists.samba.org
>Subject: Re: [Samba] Roaming profiles
>
>On Wed, 20 Aug 2008, Mugo Martin might have said:
>
>> Hi all, thanks for your replies
>>
>> I got the profiles to work, did not remove the
>>
>> profile acls = Yes
>>
>> line. This is my profiles section;
>>
>> [profiles]
>> comment = User profiles
>> path = /var/lib/samba/profiles
>> read only = No
>> profile acls = Yes
>> valid users = %U
>> force user = %U
>
>I added the 'profile acls = Yes' to my /etc/samba/smb.conf, ran
>'testparm', then 'service smb condrestart'. All seemed ok, so I
>logged out of my xp work station, booted the work station, and logged
>back in. When logging in I get the error that my roaming
>profile is not
>valid/available. The detail says 'the specified network name
>is no longer
>available.' So I reversed the change, bounced samba again (the service,
>not the box), logged out of xp, booted, and logged back in and got the
>same error.
>
>Any ideas what's going on?
>
>Mike
Re: [Samba] Roaming profiles
On Fri, 22 Aug 2008, Mike Eggleston might have said: > On Wed, 20 Aug 2008, Mugo Martin might have said: > > > Hi all, thanks for your replies > > > > I got the profiles to work, did not remove the > > > > profile acls = Yes > > > > line. This is my profiles section; > > > > [profiles] > > comment = User profiles > > path = /var/lib/samba/profiles > > read only = No > > profile acls = Yes > > valid users = %U > > force user = %U > > I added the 'profile acls = Yes' to my /etc/samba/smb.conf, ran > 'testparm', then 'service smb condrestart'. All seemed ok, so I > logged out of my xp work station, booted the work station, and logged > back in. When logging in I get the error that my roaming profile is not > valid/available. The detail says 'the specified network name is no longer > available.' So I reversed the change, bounced samba again (the service, > not the box), logged out of xp, booted, and logged back in and got the > same error. > > Any ideas what's going on? > > Mike Forgot: Fedora Core 5, latest patches Samba: [EMAIL PROTECTED] ~]$ rpm -qa | grep samba samba-client-3.0.24-7.fc5 system-config-samba-1.2.34-1 samba-swat-3.0.24-7.fc5 samba-common-3.0.24-7.fc5 samba-3.0.24-7.fc5 LDAP: [EMAIL PROTECTED] ~]$ rpm -qa | grep ldap openldap-clients-2.3.30-2.fc5 openldap-2.3.30-2.fc5 ldapjdk-4.17-1jpp_3fc.1.1 openldap-servers-2.3.30-2.fc5 nss_ldap-249-1 python-ldap-2.0.6-5.2.1 cyrus-sasl-ldap-2.1.21-10 openldap-devel-2.3.30-2.fc5 smbldap-tools-0.9.2-3.fc5 mod_authz_ldap-0.26-6.2.1 Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profiles
On Wed, 20 Aug 2008, Mugo Martin might have said:

> Hi all, thanks for your replies
>
> I got the profiles to work, did not remove the
>
> profile acls = Yes
>
> line. This is my profiles section;
>
> [profiles]
> comment = User profiles
> path = /var/lib/samba/profiles
> read only = No
> profile acls = Yes
> valid users = %U
> force user = %U

I added the 'profile acls = Yes' to my /etc/samba/smb.conf, ran 'testparm', then 'service smb condrestart'. All seemed ok, so I logged out of my xp work station, booted the work station, and logged back in. When logging in I get the error that my roaming profile is not valid/available. The detail says 'the specified network name is no longer available.' So I reversed the change, bounced samba again (the service, not the box), logged out of xp, booted, and logged back in and got the same error.

Any ideas what's going on?

Mike
Re: [Samba] Roaming profiles
Hi all, thanks for your replies I got the profiles to work, did not remove the profile acls = Yes line. This is my profiles section; [profiles] comment = User profiles path = /var/lib/samba/profiles read only = No profile acls = Yes valid users = %U force user = %U That together with the other mentioned configs and commands. Added a line not in the Samba 3.0.28 master configuration files however. Dont know whether this is right. John, the SIDs are different and I had to use this guide to migrate them because the UIDs and passwords are different on either server. http://lists.samba.org/archive/samba/2005-December/115326.html ps: My setup (CentOS 5.1, Samba 3.0.28, Openldap 2.x.x) Best regards, Martin. On Tue, Aug 19, 2008 at 5:59 PM, <[EMAIL PROTECTED]> wrote: > Maybe you could provide a level 10 log of when the first error happens > (for a new user). > > Are all your users member of the group "users" ? > Are all the underlying directories (/var /var/lib /var/lib/samba ...) set > with at least the o+x permission on the file system ? > > François > > > Hi people. Im in need of help as far as roaming profiles are concerned. > > Allow me as I know this issue has been discussed timelessly but let me > > just > > ask it because I have been unable to get it to work. > > > > My Samba + Ldap setup is fine and XP users can authenticate alright. Im > > using samba 3.0.28. However when logging in for the first time, they get > > the > > message; > > > > Windows cannot locate a server copy-Access is denied > > > > When logging off, > > > > Windows cannot update your roaming profile... -Access is denied > > > > I copied the profiles across from another server, so the first error does > > not come up except for new users and the old profiles are mapped onto the > > users machines just fine. 
> > > > I think I've done everything for roaming profiles to work including > > > > mkdir -p /var/lib/samba/profiles > > chown root:users /var/lib/samba/profiles > > chmod 2775 /var/lib/samba/profiles > > > > chown -R user /var/lib/samba/profiles/user/ > > > > The samba logs don't show any errors. > > > > Below is my smb.conf file > > [global] > > workgroup = EXAMPLE > > netbios name = EXAMPLE_SERVER > > server string = Samba Server Version %v > > passdb backend = ldapsam:ldap://example.org/ > > log file = /var/log/samba/%m.log > > max log size = 50 > > add user script = /usr/sbin/adduser -m "%u" > > add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 > > -s > > /bin/false -M %u > > logon script = %u.bat > > logon path = \\EXAMPLE_SERVER\profiles\%U > > logon home = \\EXAMPLE_SERVER\%U > > domain logons = Yes > > domain master = Yes > > ldap admin dn = "cn=config" > > ldap group suffix = ou=groups > > ldap machine suffix = ou=machines > > ldap passwd sync = Yes > > ldap suffix = dc=example,dc=org > > ldap user suffix = ou=people > > cups options = raw > > [homes] > > comment = Home Directories > > validusers = %S > > read only = No > > browseable = No > > writable = Yes > > create mask= 0700 > > directory mask = 0700 > > [netlogon] > > comment = Network Logon Service > > path = /var/lib/samba/netlogon > > share modes = No > > guest ok = Yes > > [profiles] > > path = /var/lib/samba/profiles > > read only = No > > writable = Yes > > profile acls = Yes > > comment = User profiles > > create mask = 0600 > > browsable = no > > directory mask = 0700 > > > > My searches on the web have not helped much. I am running on a Red Hat > > like > > system (CentOS 5). > > > > Someone please help. I will be eternally grateful. 
> > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > -- > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles only for Admin?
On 8/20/2008, Albrecht Dreß ([EMAIL PROTECTED]) wrote:

> Maybe I should add that I didn't create the accounts using Samba, but
> through a hack to the Kolab groupware server which also uses LDAP as
> backend. The hack assigns User and Group SID as

Oh, yeah, well...

Then I suggest you go talk to the one who hacked the Kolab groupware server... do you really think it is reasonable to expect the samba devs (or others here) to be able to grok it?
Re: [Samba] Roaming Profiles only for Admin?
Hi John:

Thanks a lot for your detailed explanations!

On 19.08.2008 18:35:48, John H Terpstra wrote:
> Inside the NTUSER.DAT file, that you will find in the user's profile directory on the Samba server, is stored the SID of the user who owns the profile. If for any reason the user's SID is changed the user will no longer be able to access that profile. You can list the SIDs inside the NTUSER.DAT file using the Samba "profiles" tool.

O.k., I did that, and /basically/ the differences between the "working" and the "non-working" accounts are in the "Owner SID" and "Trustee SID" fields, plus many diffs in stuff like "ACL for $$$PROTO.HIV\Software\Microsoft\Protected Storage System Provider\sid>".

Maybe I should add that I didn't create the accounts using Samba, but through a hack to the Kolab groupware server which also uses LDAP as backend. The hack assigns User and Group SID as

User SID == S-1-5-21; posix uid = 2000, 2001, ..., 2999
Group SID == S-1-5-213001

where -- is taken from the "net getlocalsid" output. Maybe this approach is plain wrong, i.e. do I have to assign the SIDs in a different way? When I look at extra Samba group mappings created with LAM, the spacing is always /2/, i.e. group numbers are 3001, 3003, 3005, etc. Is that a requirement which explains the effects if I don't follow them?

> Disabling of the profile ownership is usually a red-flag that there is a problem with the consistency between the user SIDs stored in NTUSER.DAT and the current SID reported through Samba. This is what should be fixed, rather than using a sledge-hammer to get around the problem. Work-arounds often have side-effects.

O.k., got the message ;-)

> Have you recently changed the domain (workgroup) name or the machine name? Either will change the Domain and/or machine SID.

Nope. Initialised LDAP using 'smbldap-populate -b guest -l 65534 -a myadmin'. Joined a workstation to the domain, and never touched any setting afterwards.

> Check out the use of the "net" utility to set/record your domain and machine SIDs:
> net getdomainsid

SID for domain MY-PDC is: S-1-5-21---
SID for domain MY-DOMIAN is: S-1-5-21---

> net getmachinesid

Hmm, says "No command: getmachinesid"? In LDAP, the machine sid of the workstation is "S-1-5-211001".

> net getlocalsid

SID for domain MY-PDC is: S-1-5-21---
Re: [Samba] Roaming Profiles only for Admin?
On Tuesday 19 August 2008 11:06:31 Albrecht Dreß wrote:
> Hi,
>
> thanks a lot for all hints...
>
> After playing a whole afternoon with the W2Ksp4 box, I made some
> progress...
>
> First, I had to run "gpedit" on the 2k box, and to "activate" the
> option for not checking the ownership of roaming profile folders (key
> is Computer configuration - Administrative Templates - System - User
> Profiles; I found this hint in a posting).

Inside the NTUSER.DAT file, that you will find in the user's profile directory on the Samba server, is stored the SID of the user who owns the profile. If for any reason the user's SID is changed the user will no longer be able to access that profile. You can list the SIDs inside the NTUSER.DAT file using the Samba "profiles" tool.

Disabling of the profile ownership is usually a red-flag that there is a problem with the consistency between the user SIDs stored in NTUSER.DAT and the current SID reported through Samba. This is what should be fixed, rather than using a sledge-hammer to get around the problem. Work-arounds often have side-effects.

> Now the roaming profile is stored properly *except* for a user for
> which the attempt to store the profile failed. Here I have to erase
> the local profile folder (in C:\Documents and Settings), then reboot
> the box, and try again - works. Arrgh!!! No idea what happens with XP
> and Vista.

Have you recently changed the domain (workgroup) name or the machine name? Either will change the Domain and/or machine SID.

Check out the use of the "net" utility to set/record your domain and machine SIDs:

net getdomainsid
net setdomain sid
net getmachinesid
net setmachinesid
net getlocalsid
net setlocalsid

> Reading the man pages more closely, my impression is that the setting
> "profile acls = yes" should exactly prevent this problem.

This parameter helps maintain sanity over the files and folders under the profile directory. Only MS Windows manages the SIDs and ACLs inside the NTUSER.DAT file, which is what MS Windows NT4/2K/XP/Vista use to determine who can access the profile.

> But it apparently doesn't work as advertised. Does anyone have more insight
> here? It would be great if I could omit tweaking the policies on each
> and every machine I have in the network...

See above comments.

- John T.

> On 19.08.2008 15:05:53, Hoover, Tony wrote:
> > try changing :
> > create mask = 0644
> > directory mask = 0775
>
> Now my working profiles setup is
>
> [profiles]
> path = /home/samba/profiles
> writeable = yes
> store dos attributes = yes
> browseable = no
> create mask = 0600
> directory mask = 0700
> guest ok = no
> csc policy = disable
> force user = %U
> valid users = %U @"Domain Admins"
>
> Thanks,
> Albrecht.

--
John H Terpstra
"Don't do as I do; Show me better!" - Anonymous.
Re: [Samba] Roaming Profiles only for Admin?
Hi,

thanks a lot for all hints...

After playing a whole afternoon with the W2Ksp4 box, I made some progress...

First, I had to run "gpedit" on the 2k box, and to "activate" the option for not checking the ownership of roaming profile folders (key is Computer configuration - Administrative Templates - System - User Profiles; I found this hint in a posting).

Now the roaming profile is stored properly *except* for a user for which the attempt to store the profile failed. Here I have to erase the local profile folder (in C:\Documents and Settings), then reboot the box, and try again - works. Arrgh!!! No idea what happens with XP and Vista.

Reading the man pages more closely, my impression is that the setting "profile acls = yes" should exactly prevent this problem. But it apparently doesn't work as advertised. Does anyone have more insight here? It would be great if I could omit tweaking the policies on each and every machine I have in the network...

On 19.08.2008 15:05:53, Hoover, Tony wrote:
> try changing :
> create mask = 0644
> directory mask = 0775

Now my working profiles setup is

[profiles]
path = /home/samba/profiles
writeable = yes
store dos attributes = yes
browseable = no
create mask = 0600
directory mask = 0700
guest ok = no
csc policy = disable
force user = %U
valid users = %U @"Domain Admins"

Thanks,
Albrecht.
Re: [Samba] Roaming profiles
Maybe you could provide a level 10 log of when the first error happens (for a new user). Are all your users member of the group "users" ? Are all the underlying directories (/var /var/lib /var/lib/samba ...) set with at least the o+x permission on the file system ? François > Hi people. Im in need of help as far as roaming profiles are concerned. > Allow me as I know this issue has been discussed timelessly but let me > just > ask it because I have been unable to get it to work. > > My Samba + Ldap setup is fine and XP users can authenticate alright. Im > using samba 3.0.28. However when logging in for the first time, they get > the > message; > > Windows cannot locate a server copy-Access is denied > > When logging off, > > Windows cannot update your roaming profile... -Access is denied > > I copied the profiles across from another server, so the first error does > not come up except for new users and the old profiles are mapped onto the > users machines just fine. > > I think I've done everything for roaming profiles to work including > > mkdir -p /var/lib/samba/profiles > chown root:users /var/lib/samba/profiles > chmod 2775 /var/lib/samba/profiles > > chown -R user /var/lib/samba/profiles/user/ > > The samba logs don't show any errors. 
> > Below is my smb.conf file > [global] > workgroup = EXAMPLE > netbios name = EXAMPLE_SERVER > server string = Samba Server Version %v > passdb backend = ldapsam:ldap://example.org/ > log file = /var/log/samba/%m.log > max log size = 50 > add user script = /usr/sbin/adduser -m "%u" > add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 > -s > /bin/false -M %u > logon script = %u.bat > logon path = \\EXAMPLE_SERVER\profiles\%U > logon home = \\EXAMPLE_SERVER\%U > domain logons = Yes > domain master = Yes > ldap admin dn = "cn=config" > ldap group suffix = ou=groups > ldap machine suffix = ou=machines > ldap passwd sync = Yes > ldap suffix = dc=example,dc=org > ldap user suffix = ou=people > cups options = raw > [homes] > comment = Home Directories > validusers = %S > read only = No > browseable = No > writable = Yes > create mask= 0700 > directory mask = 0700 > [netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > share modes = No > guest ok = Yes > [profiles] > path = /var/lib/samba/profiles > read only = No > writable = Yes > profile acls = Yes > comment = User profiles > create mask = 0600 > browsable = no > directory mask = 0700 > > My searches on the web have not helped much. I am running on a Red Hat > like > system (CentOS 5). > > Someone please help. I will be eternally grateful. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
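The two file-system questions above (o+x on every directory leading to the profile path, and who may write below it) can be checked mechanically. This is an added example, not part of the thread: a Python script that reads mode bits only; the function names are hypothetical, `/var/lib/samba/profiles` and the `chmod 2775` / `0700` values come from the posts in this thread, and the demo tree at the bottom is constructed in a temporary directory.

```python
import os
import pwd
import stat
import tempfile


def ancestors(path):
    """Every ancestor directory of path, outermost first."""
    found = []
    parent = os.path.dirname(os.path.abspath(path))
    while parent not in found:
        found.append(parent)
        parent = os.path.dirname(parent)
    return found[::-1]


def blocked_ancestors(path):
    """Ancestors lacking o+x: accounts that are neither owner nor in the
    directory's group cannot traverse them to reach path."""
    return [d for d in ancestors(path)
            if not os.stat(d).st_mode & stat.S_IXOTH]


def root_summary(root):
    """Mode bits of the profile root that decide who may create a folder in it."""
    st = os.stat(root)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "mode": format(mode, "04o"),
        "gid": st.st_gid,
        "setgid": bool(mode & stat.S_ISGID),
        "sticky": bool(mode & stat.S_ISVTX),
        "group_write": bool(mode & stat.S_IWGRP),
        "other_write": bool(mode & stat.S_IWOTH),
    }


def _passwd_uid(name):
    return pwd.getpwnam(name).pw_uid  # raises KeyError for unknown accounts


def user_dir_findings(root, uid_of=_passwd_uid):
    """Check each per-user folder: owned by the account it is named after and
    closed to group/other (the 0700 directory mask used in this thread)."""
    findings = []
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        extra = stat.S_IMODE(st.st_mode) & 0o077
        if extra:
            findings.append((entry.name, "group/other bits %03o" % extra))
        try:
            expected = uid_of(entry.name)
        except KeyError:
            findings.append((entry.name, "no such account"))
            continue
        if st.st_uid != expected:
            findings.append((entry.name, "owned by uid %d, expected %d"
                             % (st.st_uid, expected)))
    return findings


if __name__ == "__main__":
    # Constructed tree standing in for /var/lib/samba/profiles.
    with tempfile.TemporaryDirectory() as top:
        root = os.path.join(top, "lib", "samba", "profiles")
        os.makedirs(os.path.join(root, "alice"))
        os.makedirs(os.path.join(root, "bob"))
        os.chmod(os.path.join(top, "lib"), 0o750)   # o+x missing on purpose
        os.chmod(os.path.join(top, "lib", "samba"), 0o755)
        os.chmod(root, 0o2775)                      # as in the original post
        os.chmod(os.path.join(root, "alice"), 0o700)
        os.chmod(os.path.join(root, "bob"), 0o755)  # readable by other users
        me = os.getuid()
        print("blocked:", blocked_ancestors(root))
        print("root:", root_summary(root))
        # The demo maps every folder name to the current uid.
        print("folders:", user_dir_findings(root, uid_of=lambda name: me))
```

On a real server, call `user_dir_findings("/var/lib/samba/profiles")` without `uid_of` so folder names are resolved through the system account database.
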
RE: [Samba] Roaming profiles
nope

>-Original message-
>From: Charles Marcus [mailto:[EMAIL PROTECTED]
>Sent: Tuesday 19 August 2008 15:39
>To: L.P.H. van Belle
>CC: samba@lists.samba.org
>Subject: Re: [Samba] Roaming profiles
>
>On 8/19/2008, L.P.H. van Belle ([EMAIL PROTECTED]) wrote:
>> Remove the profile acls =yes
>
>???
>
>Isn't this REQUIRED for the profiles share?
>
>--
>
>Best regards,
>
>Charles
>
Re: [Samba] Roaming profiles
On Tuesday 19 August 2008 07:18:56 Mugo Martin wrote: > Hi people. Im in need of help as far as roaming profiles are concerned. > Allow me as I know this issue has been discussed timelessly but let me just > ask it because I have been unable to get it to work. > > My Samba + Ldap setup is fine and XP users can authenticate alright. Im > using samba 3.0.28. However when logging in for the first time, they get > the message; > > Windows cannot locate a server copy-Access is denied > > When logging off, > > Windows cannot update your roaming profile... -Access is denied > > I copied the profiles across from another server, so the first error does > not come up except for new users and the old profiles are mapped onto the > users machines just fine. Did you copy the domain SID from the old server to the new one? - John T. > I think I've done everything for roaming profiles to work including > > mkdir -p /var/lib/samba/profiles > chown root:users /var/lib/samba/profiles > chmod 2775 /var/lib/samba/profiles > > chown -R user /var/lib/samba/profiles/user/ > > The samba logs don't show any errors. 
> > Below is my smb.conf file > [global] > workgroup = EXAMPLE > netbios name = EXAMPLE_SERVER > server string = Samba Server Version %v > passdb backend = ldapsam:ldap://example.org/ > log file = /var/log/samba/%m.log > max log size = 50 > add user script = /usr/sbin/adduser -m "%u" > add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s > /bin/false -M %u > logon script = %u.bat > logon path = \\EXAMPLE_SERVER\profiles\%U > logon home = \\EXAMPLE_SERVER\%U > domain logons = Yes > domain master = Yes > ldap admin dn = "cn=config" > ldap group suffix = ou=groups > ldap machine suffix = ou=machines > ldap passwd sync = Yes > ldap suffix = dc=example,dc=org > ldap user suffix = ou=people > cups options = raw > [homes] > comment = Home Directories > validusers = %S > read only = No > browseable = No > writable = Yes > create mask= 0700 > directory mask = 0700 > [netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > share modes = No > guest ok = Yes > [profiles] > path = /var/lib/samba/profiles > read only = No > writable = Yes > profile acls = Yes > comment = User profiles > create mask = 0600 > browsable = no > directory mask = 0700 > > My searches on the web have not helped much. I am running on a Red Hat like > system (CentOS 5). > > Someone please help. I will be eternally grateful. -- John H Terpstra "Don't do as I do; Show me better!" - Anonymous. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profiles
On 8/19/2008, L.P.H. van Belle ([EMAIL PROTECTED]) wrote:

> Remove the profile acls =yes

???

Isn't this REQUIRED for the profiles share?

--

Best regards,

Charles
RE: [Samba] Roaming Profiles only for Admin?
try changing : create mask = 0644 directory mask = 0775 Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 "Don't Blend in..." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Albrecht Dreß Sent: Tuesday, August 19, 2008 4:22 AM To: samba@lists.samba.org Subject: [Samba] Roaming Profiles only for Admin? Hi all, I am currently fighting with roaming user profiles which shall be stored on an Ubuntu 8.04 Xeon (64 bit) box. I'm running the stock Ubuntu packages (version 3.0.28a-1ubuntu4.4). The Ubuntu box runs as PDC with a LDAP backend. Adding a Win 2000 SP4 workstation to the domain works flawlessly. If I log on on the workstation with a root-like account (UNIX user id 0, UNIX group id 0), the profile gets stored upon logoff. However, when I log on as a "normal" user on the workstation, the profile is *not* stored. My smb.conf (hope I got the relevant parts): [global] preferred master = yes local master = yes domain master = yes domain logons = yes security = user guest ok = no encrypt passwords = yes null passwords = no obey pam restrictions = no logon path = \\%L\profiles\%U logon drive = U: [profiles] path = /home/samba/profiles writeable = yes store dos attributes = yes browseable = no create mask = 0600 directory mask = 0700 guest ok = no profile acls = yes I *think* the permissions for the profiles folder are fine - 1777, with user root and group set to the primary domain group. The folder created for the admin account has uid and gid 0, with permissions 0700. I also tried to create a profile folder /home/samba/profiles/the_user manually, with permissions 700, but it's not being filled with data. In the system protocol, I see a message like (my vague translation from German...) "The registry file could not be removed. Your settings were not replicated, when you have a profile stored on the server. Ask the administrator. Detail - access denied, build no. 
2195" ("Die Registrierungsdatei konnte nicht entfernt werden. Ihre Einstellungen werden nicht repliziert, falls Sie ein servergspeichertes Profil haben. Wenden Sie sich an den Administrator. DETAIL - Zugriff verweigert , Buildnummer ((2195))"). Any idea what goes wrong, and how I could fix this problem? Thanks in advance, Albrecht. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Roaming profiles
Hi

Remove the profile acls =yes and add:

browseable = Yes
csc policy = disable
force user = %U
valid users = %U @"Domain Admins"

Louis

>-Original message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On behalf of
>Mugo Martin
>Sent: Tuesday 19 August 2008 14:19
>To: samba@lists.samba.org
>Subject: [Samba] Roaming profiles
>
>Hi people. I'm in need of help as far as roaming profiles are concerned.
>Allow me as I know this issue has been discussed timelessly
>but let me just
>ask it because I have been unable to get it to work.
>
>My Samba + Ldap setup is fine and XP users can authenticate alright. I'm
>using samba 3.0.28. However when logging in for the first
>time, they get the
>message;
>
>Windows cannot locate a server copy-Access is denied
>
>When logging off,
>
>Windows cannot update your roaming profile... -Access is denied
>
>I copied the profiles across from another server, so the first
>error does
>not come up except for new users and the old profiles are
>mapped onto the
>users machines just fine.
>
>I think I've done everything for roaming profiles to work including
>
>mkdir -p /var/lib/samba/profiles
>chown root:users /var/lib/samba/profiles
>chmod 2775 /var/lib/samba/profiles
>
>chown -R user /var/lib/samba/profiles/user/
>
>The samba logs don't show any errors.
>
>Below is my smb.conf file
>[global]
>workgroup = EXAMPLE
>netbios name = EXAMPLE_SERVER
>server string = Samba Server Version %v
>passdb backend = ldapsam:ldap://example.org/
>log file = /var/log/samba/%m.log
>max log size = 50
>add user script = /usr/sbin/adduser -m "%u"
>add machine script = /usr/sbin/useradd -d
>/var/lib/nobody -g 100 -s
>/bin/false -M %u
>logon script = %u.bat
>logon path = \\EXAMPLE_SERVER\profiles\%U
>logon home = \\EXAMPLE_SERVER\%U
>domain logons = Yes
>domain master = Yes
>ldap admin dn = "cn=config"
>ldap group suffix = ou=groups
>ldap machine suffix = ou=machines
>ldap passwd sync = Yes
>ldap suffix = dc=example,dc=org
>ldap user suffix = ou=people
>cups options = raw
>[homes]
>comment = Home Directories
>validusers = %S
>read only = No
>browseable = No
>writable = Yes
>create mask= 0700
>directory mask = 0700
>[netlogon]
>comment = Network Logon Service
>path = /var/lib/samba/netlogon
>share modes = No
>guest ok = Yes
>[profiles]
>path = /var/lib/samba/profiles
>read only = No
>writable = Yes
>profile acls = Yes
>comment = User profiles
>create mask = 0600
>browsable = no
>directory mask = 0700
>
>My searches on the web have not helped much. I am running on a
>Red Hat like
>system (CentOS 5).
>
>Someone please help. I will be eternally grateful.
>
[Samba] Roaming profiles
Hi people. I'm in need of help as far as roaming profiles are concerned. Allow me as I know this issue has been discussed timelessly but let me just ask it because I have been unable to get it to work.

My Samba + Ldap setup is fine and XP users can authenticate alright. I'm using samba 3.0.28. However when logging in for the first time, they get the message;

Windows cannot locate a server copy-Access is denied

When logging off,

Windows cannot update your roaming profile... -Access is denied

I copied the profiles across from another server, so the first error does not come up except for new users and the old profiles are mapped onto the users machines just fine.

I think I've done everything for roaming profiles to work including

mkdir -p /var/lib/samba/profiles
chown root:users /var/lib/samba/profiles
chmod 2775 /var/lib/samba/profiles

chown -R user /var/lib/samba/profiles/user/

The samba logs don't show any errors.

Below is my smb.conf file

[global]
workgroup = EXAMPLE
netbios name = EXAMPLE_SERVER
server string = Samba Server Version %v
passdb backend = ldapsam:ldap://example.org/
log file = /var/log/samba/%m.log
max log size = 50
add user script = /usr/sbin/adduser -m "%u"
add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
logon script = %u.bat
logon path = \\EXAMPLE_SERVER\profiles\%U
logon home = \\EXAMPLE_SERVER\%U
domain logons = Yes
domain master = Yes
ldap admin dn = "cn=config"
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap passwd sync = Yes
ldap suffix = dc=example,dc=org
ldap user suffix = ou=people
cups options = raw
[homes]
comment = Home Directories
validusers = %S
read only = No
browseable = No
writable = Yes
create mask= 0700
directory mask = 0700
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
share modes = No
guest ok = Yes
[profiles]
path = /var/lib/samba/profiles
read only = No
writable = Yes
profile acls = Yes
comment = User profiles
create mask = 0600
browsable = no
directory mask = 0700

My searches on the web have not helped much. I am running on a Red Hat like system (CentOS 5).

Someone please help. I will be eternally grateful.
RE: [Samba] Roaming Profiles only for Admin?
my guess is the profiles folder has wrong rights; try chmod 777 on the profiles map ( NOT the users map ) and my tip, no roaming profiles on the Administrator.

Louis

>-Original message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On behalf of
>Albrecht Dreß
>Sent: Tuesday 19 August 2008 11:22
>To: samba@lists.samba.org
>Subject: [Samba] Roaming Profiles only for Admin?
>
>Hi all,
>
>I am currently fighting with roaming user profiles which shall be
>stored on an Ubuntu 8.04 Xeon (64 bit) box. I'm running the stock
>Ubuntu packages (version 3.0.28a-1ubuntu4.4). The Ubuntu box runs as
>PDC with a LDAP backend.
>
>Adding a Win 2000 SP4 workstation to the domain works
>flawlessly. If I
>log on on the workstation with a root-like account (UNIX user id 0,
>UNIX group id 0), the profile gets stored upon logoff.
>However, when I
>log on as a "normal" user on the workstation, the profile is *not*
>stored.
>
>My smb.conf (hope I got the relevant parts):
>
>
>[global]
>preferred master = yes
>local master = yes
>domain master = yes
>domain logons = yes
>security = user
>guest ok = no
>encrypt passwords = yes
>null passwords = no
>obey pam restrictions = no
>logon path = \\%L\profiles\%U
>logon drive = U:
>
>[profiles]
>path = /home/samba/profiles
>writeable = yes
>store dos attributes = yes
>browseable = no
>create mask = 0600
>directory mask = 0700
>guest ok = no
>profile acls = yes
>
>
>I *think* the permissions for the profiles folder are fine -
>1777, with
>user root and group set to the primary domain group. The folder
>created for the admin account has uid and gid 0, with permissions 0700.
>
>I also tried to create a profile folder /home/samba/profiles/the_user
>manually, with permissions 700, but it's not being filled with data.
>
>In the system protocol, I see a message like (my vague
>translation from
>German...)
>
>"The registry file could not be removed. Your settings were not
>replicated, when you have a profile stored on the server. Ask the
>administrator. Detail - access denied, build no. 2195" ("Die
>Registrierungsdatei konnte nicht entfernt werden. Ihre Einstellungen
>werden nicht repliziert, falls Sie ein servergspeichertes
>Profil haben.
>Wenden Sie sich an den Administrator. DETAIL - Zugriff verweigert ,
>Buildnummer ((2195))").
>
>Any idea what goes wrong, and how I could fix this problem?
>
>Thanks in advance,
>Albrecht.
>
[Samba] Roaming Profiles only for Admin?
Hi all,

I am currently fighting with roaming user profiles which shall be stored on an Ubuntu 8.04 Xeon (64 bit) box. I'm running the stock Ubuntu packages (version 3.0.28a-1ubuntu4.4). The Ubuntu box runs as PDC with a LDAP backend.

Adding a Win 2000 SP4 workstation to the domain works flawlessly. If I log on on the workstation with a root-like account (UNIX user id 0, UNIX group id 0), the profile gets stored upon logoff. However, when I log on as a "normal" user on the workstation, the profile is *not* stored.

My smb.conf (hope I got the relevant parts):

[global]
preferred master = yes
local master = yes
domain master = yes
domain logons = yes
security = user
guest ok = no
encrypt passwords = yes
null passwords = no
obey pam restrictions = no
logon path = \\%L\profiles\%U
logon drive = U:

[profiles]
path = /home/samba/profiles
writeable = yes
store dos attributes = yes
browseable = no
create mask = 0600
directory mask = 0700
guest ok = no
profile acls = yes

I *think* the permissions for the profiles folder are fine - 1777, with user root and group set to the primary domain group. The folder created for the admin account has uid and gid 0, with permissions 0700.

I also tried to create a profile folder /home/samba/profiles/the_user manually, with permissions 700, but it's not being filled with data.

In the system protocol, I see a message like (my vague translation from German...)

"The registry file could not be removed. Your settings were not replicated, when you have a profile stored on the server. Ask the administrator. Detail - access denied, build no. 2195" ("Die Registrierungsdatei konnte nicht entfernt werden. Ihre Einstellungen werden nicht repliziert, falls Sie ein servergspeichertes Profil haben. Wenden Sie sich an den Administrator. DETAIL - Zugriff verweigert , Buildnummer ((2195))").

Any idea what goes wrong, and how I could fix this problem?

Thanks in advance,
Albrecht.
Re: [Samba] roaming profiles and folder redirection: programs 'not responding'
Heiko,

I suggest you concentrate on the re-directed folders - not the roaming profile - because the roaming profile is copied to the local hard disc when you log on - so throughout your session it is locally stored.

You might try un-directing your re-directed folders one at a time (over a period of a week) to see which one appears to be affecting performance.

Regards,
David Collins

On Sun, 2008-08-10 at 13:34 +0200, Heiko Harders wrote:
> Hello,
>
> I've set up a PDC with Samba 3.0.31 and I am testing on a Windows Vista
> box (64 bits version).
> Often I get the message of programs that they are not responding and
> it takes about half a minute before I can use them again. Especially
> Mozilla Firefox has this problem often (although I'm using this
> program the most, so it is also the most obvious).
>
> I am using roaming profiles with folder redirection. I excluded all
> folders from the profile through a registry setting and redirected all
> folders in the user shell folders to network drivers, except the
> folders that appear in 'AppData/Local' (so the local, machine
> dependent settings are excluded from the profile and they are located
> on the local disk of the computer).
>
> Does anyone recognize these problems? Does anyone know a solution, or
> the best way to troubleshoot this?
>
> My roaming profiles are working fine otherwise, all settings are
> nicely stored in the profile, I don't get any error messages and the
> user has the proper rights to write to any network drive that is
> needed for this user. Also I have no problems with the network
> connection. I detected no packet loss and the response time is fast
> (tried pinging to the server while the problem occurred, average time
> was 0 ms and 0% packet loss). The problem is by far not occurring as
> much when I'm logged in using a local profile on the machine, so I
> think it must be some problem with the PDC connecting with Vista.
>
> Greetings,
> Heiko
[Samba] roaming profiles and folder redirection: programs 'not responding'
Hello,

I've set up a PDC with Samba 3.0.31 and I am testing on a Windows Vista box (64 bits version). Often I get the message of programs that they are not responding and it takes about half a minute before I can use them again. Especially Mozilla Firefox has this problem often (although I'm using this program the most, so it is also the most obvious).

I am using roaming profiles with folder redirection. I excluded all folders from the profile through a registry setting and redirected all folders in the user shell folders to network drivers, except the folders that appear in 'AppData/Local' (so the local, machine dependent settings are excluded from the profile and they are located on the local disk of the computer).

Does anyone recognize these problems? Does anyone know a solution, or the best way to troubleshoot this?

My roaming profiles are working fine otherwise, all settings are nicely stored in the profile, I don't get any error messages and the user has the proper rights to write to any network drive that is needed for this user. Also I have no problems with the network connection. I detected no packet loss and the response time is fast (tried pinging to the server while the problem occurred, average time was 0 ms and 0% packet loss). The problem is by far not occurring as much when I'm logged in using a local profile on the machine, so I think it must be some problem with the PDC connecting with Vista.

Greetings,
Heiko
[Samba] Roaming profiles won't save changes
In both 2000 and XP when someone makes a change to their desktop, folders located on their desktop, etc, then logs out those changes are not reflected on the server. Thus when that person logs back in all files, icons, etc are restored even though they were deleted. Logouts occur very rapidly but logins occur very slowly and it is only certain users that have this issue.

What must I do to fix this? Has anyone seen this before?

Thanks
Re: [Samba] Roaming Profiles Load Very Slowly
On 5/30/2008, L.P.H. van Belle ([EMAIL PROTECTED]) wrote:
> and this is why you also must check your Temp and internet Temp

Unless someone intentionally moved them, these ARE IN THE LOCAL SETTINGS FOLDER so NO, you do NOT need to worry about these.

This is very simple to check - do you see a 'Local Settings' folder in the server side of their roaming profile? If you do, then someone changed something in a very stupid way.

I have people with 2GB profiles, with most of the stuff (1.95GB) in the Local Settings folder, and their roaming profile loads just fine.

--
Best regards,
Charles
RE: [Samba] Roaming Profiles Load Very Slowly
and this is why you also must check your Temp and internet Temp

I've had lots of strange things, they came and go.

Louis

>-----Original message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On behalf of
>Charles Marcus
>Sent: Thursday 29 May 2008 21:37
>To: samba@lists.samba.org
>Subject: Re: [Samba] Roaming Profiles Load Very Slowly
>
>On 5/29/2008, Gar Nelson ([EMAIL PROTECTED]) wrote:
>> I agree with the java cache being a likely suspect if "Application
>> Data" is still being loaded via the roaming profile.
>
>Yeah, I don't know why they don't default that to the Local Settings
>folder... dumb...
>
>--
>
>Best regards,
>
>Charles
Re: [Samba] Roaming Profiles Load Very Slowly
On 5/29/2008, Gar Nelson ([EMAIL PROTECTED]) wrote:
> I agree with the java cache being a likely suspect if "Application Data" is still being loaded via the roaming profile.

Yeah, I don't know why they don't default that to the Local Settings folder... dumb...

--
Best regards,
Charles
[Samba] Roaming Profiles Load Very Slowly
Another alternative from /home, as root;

# how big are the profile directories
du --max-depth=2 | grep profile | sort -nr

# where are the big offenders?
du --max-depth=3 | grep profile | more

I agree with the java cache being a likely suspect if "Application Data" is still being loaded via the roaming profile.

Gar

L.P.H. van Belle wrote:
> Small suggestion.
> Get this http://www.jam-software.com/freeware/TreeSizeFree.zip
> Tree Size, go find out how big your profile on your pc is.
> then check the size on the profile folder of the user.
> these should be about the same.
>
> if not, Logon the server, cleanup the profile of the users.
> backup and remove the profile of the user on the server.
> logoff and logon again and check again.
>
> Google Earth can be very big. java Cache also.
> Clean up internet cache and temporary files.
>
> Louis
>
> -----Original message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Greg Koch
> Sent: Thursday 29 May 2008 6:20
> To: samba@lists.samba.org
> Subject: Re: [Samba] Roaming Profiles Load Very Slowly
>
> The particular login that had that error was several logins ago. The current logins are not producing any errors on the server side. Logoff is almost instantaneous. I am having problems with it even with editing NTUSER.dat and redirecting the folders to shares. There has been a suggestion that it is name server related - WINS NMBD and DNS are working without error. As I said before, I can access the shares from any computer without any problem, it's just the login that takes forever, and as I have it right now with the redirected files, it should only be reading the NTUSER.DAT file from the server, and it STILL takes forever.
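Gar's du pass and Charles's 'Local Settings' check can be combined into one scan of the server-side profile share. The script below is an added example, not code from the thread; the 5000-file threshold and the report layout are assumptions, and sizes are apparent file sizes rather than the disk blocks du reports.

```python
#!/usr/bin/env python3
"""Per-user size, file count and should-not-roam folders on a profile share."""
import os
import sys

# Charles's check: "Local Settings" is excluded from roaming by default, so it
# should not exist in the server-side copy of a profile.
SHOULD_NOT_ROAM = {"local settings"}


def tree_stats(path):
    """Return (file_count, apparent_bytes) for every file below path."""
    count = size = 0
    for root, _dirs, files in os.walk(path):  # symlinked dirs are not followed
        for name in files:
            try:
                st = os.lstat(os.path.join(root, name))
            except OSError:
                continue  # removed or unreadable while scanning
            count += 1
            size += st.st_size
    return count, size


def audit_profile(profile_dir, many_files=5000):
    """Summarise one user's profile: totals, per-folder stats, findings."""
    files, size = tree_stats(profile_dir)
    subdirs, findings = [], []
    with os.scandir(profile_dir) as it:
        for entry in it:
            if not entry.is_dir(follow_symlinks=False):
                continue
            n, b = tree_stats(entry.path)
            subdirs.append((entry.name, n, b))
            if entry.name.lower() in SHOULD_NOT_ROAM:
                findings.append(f"{entry.name}: present on the server, should not roam")
            elif n >= many_files:  # assumed threshold for "lots of small files"
                findings.append(f"{entry.name}: {n} files (threshold {many_files})")
    subdirs.sort(key=lambda s: s[1], reverse=True)  # worst offender first
    return {"files": files, "bytes": size, "subdirs": subdirs, "findings": findings}


def audit_share(share_root, many_files=5000):
    """Audit every directory under share_root, largest file count first."""
    reports = {}
    with os.scandir(share_root) as it:
        for entry in it:
            if entry.is_dir(follow_symlinks=False):
                reports[entry.name] = audit_profile(entry.path, many_files)
    return dict(sorted(reports.items(), key=lambda kv: kv[1]["files"], reverse=True))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: profile_audit.py /path/to/profiles")
    for user, rep in audit_share(sys.argv[1]).items():
        print(f'{user}: {rep["files"]} files, {rep["bytes"] / 1048576:.1f} MiB')
        for name, n, b in rep["subdirs"][:3]:
            print(f"    {name}: {n} files, {b / 1048576:.1f} MiB")
        for finding in rep["findings"]:
            print(f"    ! {finding}")
```

Run it as root on the Samba server, as with the du commands, so that every user's 0700 directory is readable.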
Re: FW: [Samba] Roaming Profiles Load Very Slowly
On 5/29/2008, L.P.H. van Belle ([EMAIL PROTECTED]) wrote:
> Clean up internet cache and temporary files.

These are in the 'Local Settings' folder, which is, by default, NOT part of a roaming profile, so is irrelevant...
FW: [Samba] Roaming Profiles Load Very Slowly
Small suggestion.
Get this http://www.jam-software.com/freeware/TreeSizeFree.zip
Tree Size, go find out how big your profile on your pc is.
then check the size on the profile folder of the user.
these should be about the same.

if not, Logon the server, cleanup the profile of the users.
backup and remove the profile of the user on the server.
logoff and logon again and check again.

Google Earth can be very big. java Cache also.
Clean up internet cache and temporary files.

Louis

-----Original message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Greg Koch
Sent: Thursday 29 May 2008 6:20
To: samba@lists.samba.org
Subject: Re: [Samba] Roaming Profiles Load Very Slowly

The particular login that had that error was several logins ago. The current logins are not producing any errors on the server side. Logoff is almost instantaneous. I am having problems with it even with editing NTUSER.dat and redirecting the folders to shares. There has been a suggestion that it is name server related - WINS NMBD and DNS are working without error. As I said before, I can access the shares from any computer without any problem, it's just the login that takes forever, and as I have it right now with the redirected files, it should only be reading the NTUSER.DAT file from the server, and it STILL takes forever.

Greg Koch wrote:
> I have checked the samba logs, and I don't see any errors. I have no
> problems reading files once logged in, or if I mount the shares
> through linux or macos, or even if I connect to the shares from a
> computer outside the domain. I can resolve the computers NetBIOS name
> (power). See some of my log below (chris is the machine, gregory is
> the username I've tested with).
> I have also tried changing the
> NTUSER.dat file to set it to read files directly from the server, but
> no luck there either, it still takes a LONG time to login (see other
> subthread of this conversation:
> https://lists.samba.org/archive/samba/2008-May/140933.html)
RE: [Samba] Roaming Profiles Load Very Slowly
Hi,

Java 1.4 and 1.6 are capable of disabling the java cache. In windows configuration panel, go to Java. On the Tab General, click below Temporary Internet Settings on "Settings" here you can disable the caching.

Java 1.5 ( aka 5 ) does not have this option.

Louis

>-----Original message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On behalf of
>Adam Williams
>Sent: Wednesday 28 May 2008 14:49
>To: [EMAIL PROTECTED]
>CC: samba@lists.samba.org
>Subject: Re: [Samba] Roaming Profiles Load Very Slowly
>
>how do you disable java caching?
>
>L.P.H. van Belle wrote:
>> I agree, roaming is very slow with lots of small files.
>>
>> a tip i can give everybody, disable java caching.
>> i had a user with 6500+ files in java cache dir which made
>> logging in very slow.
>>
>> Louis
Re: [Samba] Roaming Profiles Load Very Slowly
The particular login that had that error was several logins ago. The current logins are not producing any errors on the server side. Logoff is almost instantaneous. I am having problems with it even with editing NTUSER.dat and redirecting the folders to shares. There has been a suggestion that it is name server related - WINS NMBD and DNS are working without error. As I said before, I can access the shares from any computer without any problem, it's just the login that takes forever, and as I have it right now with the redirected files, it should only be reading the NTUSER.DAT file from the server, and it STILL takes forever.

Greg Koch wrote:
> I have checked the samba logs, and I don't see any errors. I have no problems reading files once logged in, or if I mount the shares through linux or macos, or even if I connect to the shares from a computer outside the domain. I can resolve the computers NetBIOS name (power). See some of my log below (chris is the machine, gregory is the username I've tested with). I have also tried changing the NTUSER.dat file to set it to read files directly from the server, but no luck there either, it still takes a LONG time to login (see other subthread of this conversation: https://lists.samba.org/archive/samba/2008-May/140933.html)
Re: [Samba] Roaming Profiles Load Very Slowly
On 5/28/2008, Greg Koch ([EMAIL PROTECTED]) wrote:
> [2008/05/28 13:26:57, 1] param/loadparm.c:set_server_role(4279)
>   Server's Role (logon server) NOT ADVISED with domain-level security
> [2008/05/28 13:47:30, 0] lib/util_sock.c:read_data(534)
>   read_data: read failure for 4 bytes to client 192.168.0.250. Error = No route to host

Could that have anything to do with it?

--
Best regards,
Charles
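Charles's question concerns the single level-0 entry among routine level-1 connect and close records. The sketch below, added here as an example and not part of the thread, separates the two and measures how long each share connection stayed open. It assumes smbd's two-line layout (header line, then indented message) and pairs connects with closes first-in-first-out per client and share, which is a heuristic because close records carry no pid.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed smbd layout: "[YYYY/MM/DD HH:MM:SS, level] file.c:function(line)"
# followed by one or more indented message lines.
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*(?P<level>\d+)[^\]]*\]"
    r"\s+(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)$"
)
CONNECT = re.compile(
    r"^(?P<host>\S+) \((?P<ip>[^)]+)\) connect to service (?P<svc>\S+) "
    r"initially as user (?P<user>\S+) \(uid=\d+, gid=\d+\) \(pid (?P<pid>\d+)\)$"
)
CLOSE = re.compile(
    r"^(?P<host>\S+) \((?P<ip>[^)]+)\) closed connection to service (?P<svc>\S+)$"
)

# Constructed sample in the layout of the log quoted in this thread; the last
# close is deliberately left without its connect.
SAMPLE_LOG = """\
[2008/05/28 13:47:30, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.0.250. Error = No route to host
[2008/05/28 14:04:28, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service netlogon initially as user gregory (uid=500, gid=502) (pid 26473)
[2008/05/28 14:04:38, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service netlogon
[2008/05/28 14:11:32, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service gregory initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:22:17, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service netlogon
"""


def parse_log(text):
    """Turn header + continuation lines into a list of entry dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            entries.append({
                "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "level": int(m["level"]),
                "where": f'{m["src"]}:{m["func"]}',
                "message": "",
            })
        elif entries and line:
            # Continuation line: belongs to the most recent header
            last = entries[-1]
            last["message"] = (last["message"] + " " + line).strip()
    return entries


def triage(entries):
    """Split level-0 errors from connection churn and time each session."""
    errors = [e for e in entries if e["level"] == 0]
    pending = defaultdict(deque)  # (client ip, share) -> open connects, oldest first
    sessions, unmatched = [], []
    for e in entries:
        c = CONNECT.match(e["message"])
        if c:
            pending[(c["ip"], c["svc"])].append((e["time"], c["user"], int(c["pid"])))
            continue
        d = CLOSE.match(e["message"])
        if not d:
            continue
        key = (d["ip"], d["svc"])
        if pending[key]:
            opened, user, pid = pending[key].popleft()
            sessions.append({"service": d["svc"], "user": user, "pid": pid,
                             "seconds": int((e["time"] - opened).total_seconds())})
        else:
            unmatched.append(e)  # connect happened before this file started
    still_open = {k: len(v) for k, v in pending.items() if v}
    return {"errors": errors, "sessions": sessions,
            "unmatched_closes": unmatched, "still_open": still_open}


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for e in report["errors"]:
        print("LEVEL 0", e["time"], e["where"], "-", e["message"])
    for s in report["sessions"]:
        print(f'{s["service"]}: open {s["seconds"]}s (user {s["user"]}, pid {s["pid"]})')
    print("closes without a connect in this file:", len(report["unmatched_closes"]))
    print("still open at end of file:", report["still_open"])
```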
Re: [Samba] Roaming Profiles Load Very Slowly
Charles Marcus wrote:

DNS was my kneejerk reaction, too, but I thought that it would be good to mention small files which may or may not be in local settings.

Another thought that just occurred, there seems to be a significant speed difference when the Web Client service is turned off. Many thanks to John Terpstra and Jelmer Vernooij for this tip in TOSHARG (the book is worth its weight in gold, and it isn't light!). With the Web Client service on, it almost feels like you've got a bit of browsing issue.

--

Interesting - just checked, and googled on that service, and it does appear to be useless. I disabled it to see if I notice any difference - not that I was having any problems...

Network browsing does seem a *little* snappier - hard to tell, though, since I never complained about it before...

Try it with a redirected desktop ;) You can feel the latency with it on (or, at least, I can. It might also be psychological).
Re: [Samba] Roaming Profiles Load Very Slowly
I have checked the samba logs, and I don't see any errors. I have no problems reading files once logged in, or if I mount the shares through linux or macos, or even if I connect to the shares from a computer outside the domain. I can resolve the computers NetBIOS name (power). See some of my log below (chris is the machine, gregory is the username I've tested with). I have also tried changing the NTUSER.dat file to set it to read files directly from the server, but no luck there either, it still takes a LONG time to login (see other subthread of this conversation: https://lists.samba.org/archive/samba/2008-May/140933.html)

[2008/05/28 13:26:57, 1] param/loadparm.c:set_server_role(4279)
  Server's Role (logon server) NOT ADVISED with domain-level security
[2008/05/28 13:47:30, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.0.250. Error = No route to host
[2008/05/28 13:59:09, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service gregory initially as user gregory (uid=500, gid=502) (pid 26439)
[2008/05/28 14:04:28, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service gregory
[2008/05/28 14:04:28, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service netlogon initially as user gregory (uid=500, gid=502) (pid 26473)
[2008/05/28 14:04:38, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service netlogon
[2008/05/28 14:11:32, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service gregory initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:11:32, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service netlogon initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:17:35, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service gregory initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:18:10, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service gregory initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:22:17, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service netlogon
[2008/05/28 14:23:20, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service netlogon initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:23:30, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service netlogon
[2008/05/28 14:28:18, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service gregory initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:28:18, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service netlogon initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:28:18, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service gregory
[2008/05/28 14:28:18, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service gregory
[2008/05/28 14:28:48, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service gregory
[2008/05/28 14:29:41, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service gregory initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:29:48, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service netlogon
[2008/05/28 14:29:48, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service gregory
[2008/05/28 14:29:48, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service gregory
[2008/05/28 14:32:37, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service gregory initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:34:02, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service gregory
[2008/05/28 14:34:02, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service netlogon initially as user gregory (uid=500, gid=502) (pid 26528)
[2008/05/28 14:34:12, 1] smbd/service.c:close_cnum(1230)
  chris (192.168.0.250) closed connection to service netlogon
[2008/05/28 14:50:10, 1] smbd/service.c:make_connection_snum(1033)
  chris (192.168.0.250) connect to service gregory initially as user gregory (uid=500, gid=502) (pid 26748)

Greg Koch wrote:
> The profiles are 1.1MB (Just the default files and a few other things to test with). The server is 1000MB and the clients are 100MB. This is why it has baffled me so much!
>
> Adam Williams wrote:
>> how big are the profiles? what speeds are the NICs in the server and client PCs operating at?

-- To unsubscribe from this list go to the following