Re: [Samba] Roaming Profiles under Linux clients
Hi Mario,

>> Any ideas how to implement roaming profile under Linux as the clients?
>
> pam_csync http://www.csync.org/ seems to be pretty close to a direct
> feature-equivalent for linux.

Csync indeed seems to be the closest match I found too. Unfortunately the project does not seem very lively, last release was in 2010 and the development trac interface is down... However the blog linked on the main page talked about csync recently (http://blog.cryptomilk.org/2012/03/21/synchronize-two-folders-on-a-mac-and-other-unix-systems-with-csync/) so I might still give it a try. If anyone has some experience with that, I'm interested in hearing from them, especially the bad case scenarios (two sessions open concurrently, clock skew, etc.).

> though such a thing is not always appropriate, nfs or pam_mount will
> be faster and easier to maintain if you don't need the clients to be
> able to work off-line.

In the past, I've been using nfs for home directory export but I've never been able to make file ACLs work right (share ACL, default ACL, umask and all). Then I switched to CIFS mounting and the ACL issue is now resolved. However when you have 40 users with badly written userland programs pounding 'round the clock on their CIFS mounted home, it gets tough for the file server. I'd prefer for that bunch of mostly useless random io to stay local than to be transferred to the server. Roaming profiles are a pain to maintain, but mounted home shares are not a solution either in my use case.

note: I had some bad time with pam_mount. I would advise using pam_script and handling the mounting in your own script, it is much more versatile and easier to debug.

Cheers,

Denis

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.57
http://www.tranquil-it-systems.fr

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming Profiles under Linux clients
On Sun, Oct 7, 2012 at 6:44 PM, Michael Wood wrote:

> On 6 October 2012 17:13, steve wrote:
>> On 06/10/12 11:14, Michael Wood wrote:
>>> On 5 October 2012 17:36, steve wrote:
>>>> On 05/10/12 17:21, Michael Wood wrote:
>>>>> On 5 October 2012 13:14, steve wrote:
>>>>> [...]
>>>>
>>>> [...] Linux clients map whatever the [home]
>>>> share points at to the unixHomeDirectory attribute. The latter can use
>>>> either winbind or nslcd to pull the info from ldap.
>>>> Let me know if you need any more detail.
>>>
>>> That doesn't sound like a roaming profile at all.
>>
>> No it isn't. The bit before it was. I mentioned it as we set it at the same
>> time as the profile path in the directory. That's all.
>
> By "the bit before that" I assume you mean the LDAP and share changes?
> That would not magically make the client do anything. In particular
> it would not make them copy profiles to/from the server. That is why
> I was asking about configuration and software on the client and not
> the server, which you had already mentioned.
>
> Anyway, from what you and Rowland have said that is not possible with
> Linux clients. Of course roaming profiles may not be what you want
> and you could instead access everything directly over the network
> using e.g. NFS4 as you say.
>
> --
> Michael Wood

Thank you guys. You give me ideas on the alternative coz as you said it is not possible.

Suppose to be I want the a particular user account's profiles, the same regardless where he/she login on a workstations (either Windows or Linux). As far I read some articles it loads faster when you first login on a new workstation (I dunno know if it really true as of the moment). At the same time backup of files on the server side.

I use winbind and modify some configurations on the pam.d. I dunno have idea yet of Samba4 ldap. I bit confused on it, unless some will give idea on it. Do I need to setup ldap clients? and/or the correct configurations? coz in samba3 (as DC) you need it to pull out the data via TLS to make it secure.

On Mon, Oct 8, 2012 at 4:32 AM, Chris Weiss wrote:

> pam_csync http://www.csync.org/ seems to be pretty close to a direct
> feature-equivalent for linux.
>
> though such a thing is not always appropriate, nfs or pam_mount will
> be faster and easier to maintain if you don't need the clients to be
> able to work off-line.

I will try to use it, among those three if which is more efficient, pam_csync, nfs or pam_mount.

Thanks again for the information.
Re: [Samba] Roaming Profiles under Linux clients
On Thu, Oct 4, 2012 at 10:29 PM, Mario Codeniera wrote:

> Any ideas how to implement roaming profile under Linux as the clients?

pam_csync http://www.csync.org/ seems to be pretty close to a direct feature-equivalent for linux.

though such a thing is not always appropriate, nfs or pam_mount will be faster and easier to maintain if you don't need the clients to be able to work off-line.
Re: [Samba] Roaming Profiles under Linux clients
On 6 October 2012 17:13, steve wrote:

> On 06/10/12 11:14, Michael Wood wrote:
>> On 5 October 2012 17:36, steve wrote:
>>> On 05/10/12 17:21, Michael Wood wrote:
>>>> On 5 October 2012 13:14, steve wrote:
>>>> [...]
>>>
>>> [...] Linux clients map whatever the [home]
>>> share points at to the unixHomeDirectory attribute. The latter can use
>>> either winbind or nslcd to pull the info from ldap.
>>> Let me know if you need any more detail.
>>
>> That doesn't sound like a roaming profile at all.
>
> No it isn't. The bit before it was. I mentioned it as we set it at the same
> time as the profile path in the directory. That's all.

By "the bit before that" I assume you mean the LDAP and share changes? That would not magically make the client do anything. In particular it would not make them copy profiles to/from the server. That is why I was asking about configuration and software on the client and not the server, which you had already mentioned.

Anyway, from what you and Rowland have said that is not possible with Linux clients. Of course roaming profiles may not be what you want and you could instead access everything directly over the network using e.g. NFS4 as you say.

--
Michael Wood
Re: [Samba] Roaming Profiles under Linux clients
On 06/10/12 11:32, Rowland Penny wrote:

> On 06/10/12 10:14, Michael Wood wrote:
>> On 5 October 2012 17:36, steve wrote:
>>> On 05/10/12 17:21, Michael Wood wrote:
>>>> On 5 October 2012 13:14, steve wrote:
>>
>> Is that possible on Linux clients? If so, how is it implemented?
>> With csync as Denis asked?
>
> Hi,
> What you can do is use pam-mount to mount the user's home directory from
> the server onto the Linux client. This is actually faster than roaming
> profiles as no data actually moves.

Hi

We use NFS4 to mount the samba share directories on the Linux clients. If you want, you could also mount the profiles share so that your users had access to whatever was on e.g. their windows desktop too. As we have more Linux clients than windows, I try to encourage users to store stuff in their home folder rather than in their windows profile.

HTH
Steve
Re: [Samba] Roaming Profiles under Linux clients
On 06/10/12 11:14, Michael Wood wrote:

> On 5 October 2012 17:36, steve wrote:
>> On 05/10/12 17:21, Michael Wood wrote:
>>> On 5 October 2012 13:14, steve wrote:
>>> [...]
>>
>> [...] Linux clients map whatever the [home]
>> share points at to the unixHomeDirectory attribute. The latter can use
>> either winbind or nslcd to pull the info from ldap.
>> Let me know if you need any more detail.
>
> That doesn't sound like a roaming profile at all.

No it isn't. The bit before it was. I mentioned it as we set it at the same time as the profile path in the directory. That's all.

Cheers,
Steve
Re: [Samba] Roaming Profiles under Linux clients
On 06/10/12 10:14, Michael Wood wrote:

> On 5 October 2012 17:36, steve wrote:
>> On 05/10/12 17:21, Michael Wood wrote:
>>> On 5 October 2012 13:14, steve wrote:
>>> [...]
>>>> Hi
>>>> It's working here with Version 4.0.0rc3-GIT-56ffe75
>>>>
>>>> All we do to set up the roaming profile on Linux is to add the attribute:
>>>> profilePath: \\server\profiles\steve2
>>>> to the user DN entry in LDAP.
>>>>
>>>> and whilst we're there we also map his windows home directory to his
>>>> Linux home directory:
>>>> homeDrive: Z:
>>>> homeDirectory: \\server\home\steve2
>>>>
>>>> Make sure that the profiles share is writeable by the users. We chmod
>>>> 1777'd it.
>>>>
>>>> HTH
>>>> Steve
>>>
>>> I've never looked at this and don't need it now, but I'm interested.
>>> How is this implemented on client?
>>
>> [...] Linux clients map whatever the [home]
>> share points at to the unixHomeDirectory attribute. The latter can use
>> either winbind or nslcd to pull the info from ldap.
>> Let me know if you need any more detail.
>
> That doesn't sound like a roaming profile at all. As far as I
> understand it a roaming profile is copied to the client on login and
> copied/synced back to the server on logout. I think that's what Mario
> and Denis are talking about.
>
> Is that possible on Linux clients? If so, how is it implemented?
> With csync as Denis asked?

Hi,

What you can do is use pam-mount to mount the user's home directory from the server onto the Linux client. This is actually faster than roaming profiles as no data actually moves.
Re: [Samba] Roaming Profiles under Linux clients
On 5 October 2012 17:36, steve wrote:

> On 05/10/12 17:21, Michael Wood wrote:
>>
>> On 5 October 2012 13:14, steve wrote:
>> [...]
>>>
>>> Hi
>>> It's working here with Version 4.0.0rc3-GIT-56ffe75
>>>
>>> All we do to set up the roaming profile on Linux is to add the attribute:
>>> profilePath: \\server\profiles\steve2
>>> to the user DN entry in LDAP.
>>>
>>> and whilst we're there we also map his windows home directory to his
>>> Linux home directory:
>>> homeDrive: Z:
>>> homeDirectory: \\server\home\steve2
>>>
>>> Make sure that the profiles share is writeable by the users. We chmod
>>> 1777'd it.
>>>
>>> HTH
>>> Steve
>>
>> I've never looked at this and don't need it now, but I'm interested.
>> How is this implemented on client?
>
> [...] Linux clients map whatever the [home]
> share points at to the unixHomeDirectory attribute. The latter can use
> either winbind or nslcd to pull the info from ldap.
> Let me know if you need any more detail.

That doesn't sound like a roaming profile at all. As far as I understand it a roaming profile is copied to the client on login and copied/synced back to the server on logout. I think that's what Mario and Denis are talking about.

Is that possible on Linux clients? If so, how is it implemented? With csync as Denis asked?

--
Michael Wood
Re: [Samba] Roaming Profiles under Linux clients
On 05/10/12 17:21, Michael Wood wrote:

> On 5 October 2012 13:14, steve wrote:
> [...]
>> Hi
>> It's working here with Version 4.0.0rc3-GIT-56ffe75
>>
>> All we do to set up the roaming profile on Linux is to add the attribute:
>> profilePath: \\server\profiles\steve2
>> to the user DN entry in LDAP.
>>
>> and whilst we're there we also map his windows home directory to his
>> Linux home directory:
>> homeDrive: Z:
>> homeDirectory: \\server\home\steve2
>>
>> Make sure that the profiles share is writeable by the users. We chmod
>> 1777'd it.
>>
>> HTH
>> Steve
>
> I've never looked at this and don't need it now, but I'm interested.
> How is this implemented on client?

The above is what ADUC adds to the directory when you fill in the fields on the profile tab for a user. It's quicker to use a little script around samba-tool user add and add the attributes on the Linux AD machine rather than use ADUC. You just need ldbmodify and (in this example) the [home] and [profiles] shares in smb.conf.

Linux clients map whatever the [home] share points at to the unixHomeDirectory attribute. The latter can use either winbind or nslcd to pull the info from ldap.

Let me know if you need any more detail.

Cheers,
Steve
Re: [Samba] Roaming Profiles under Linux clients
On 5 October 2012 13:14, steve wrote:
[...]

> Hi
> It's working here with Version 4.0.0rc3-GIT-56ffe75
>
> All we do to set up the roaming profile on Linux is to add the attribute:
> profilePath: \\server\profiles\steve2
> to the user DN entry in LDAP.
>
> and whilst we're there we also map his windows home directory to his Linux
> home directory:
> homeDrive: Z:
> homeDirectory: \\server\home\steve2
>
> Make sure that the profiles share is writeable by the users. We chmod 1777'd
> it.
>
> HTH
> Steve

I've never looked at this and don't need it now, but I'm interested. How is this implemented on client?

--
Michael Wood
Re: [Samba] Roaming Profiles under Linux clients
On 05/10/12 09:44, Denis Cardon wrote:

> Hi Mario,
>
>> As I configured the Roaming profiles under linux, it more or less generate an abnormal operation (in less than 2 mins) if I add/copy some files to the home directory. But for Windows XP and Windows 7 is running smoothly and it generates folders at the Samba4 server location with corresponding users. e.g. Administrator (for XP), and Administrator.V2 (for Win7/2008) based on my observations.
>
> I'm interested in the way you configured the roaming profile on the linux side. Did you use csync for the synchronisation? I've looked at it in the past and didn't find any straight away solution. Anyway, I guess there should be some kind of Administrator.linux profile directory on the server side since the ubuntu profile won't be compatible from windows to linux (those profiles are not even compatible between winxp and win7...)
>
> Cheers,
>
> Denis
>
>> I was confused on roaming under linux (or maybe it was not yet supported), because once I login as the administrator (one account in Samba4 - AD user) in linux, adding (files to the desktop) or modifying (I used to move to the home directory). Then login to the Windows 7 and WinXP, it will NOT login when I see the logs of the server using -d3
>>
>> Kerberos: Client sent patypes: encrypted-timestamp, 128
>> Kerberos: Looking for PKINIT pa-data -- administrator@UCHIHA
>> Kerberos: Looking for ENC-TS pa-data -- administrator@UCHIHA
>> Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA (enctype arcfour-hmac-md5) error Decrypt integrity check failed
>> Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA
>> Kerberos: AS-REQ administrator@UCHIHA from ipv4:192.168.150.135:3064 for krbtgt/UCHIHA@UCHIHA
>>
>> But for a few minutes, you can login again and this time it will display at the system tray (a dialog box) "User Profile Service There was a problem with your roaming profile. You have been logged on with your previously saved local profile. Please see the event logs for details or contact your administrator", but those files are just only few bytes (less than 1MB) just the pam.d files. The saved files are not located either of Windows XP or 7.
>>
>> auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> ntlm_password_check: NTLMv2 password check failed
>> ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator
>> ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user administrator
>> auth_check_password_recv: sam_ignoredomain authentication for user [UCHIHA\administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
>> schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/AMBOT-LINUX
>> auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> Got a dns update request.
>> Update not allowed for unsigned packet.
>> Tkey handshake completed
>> Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>> single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>>
>> But after a 20mins, coz I went somewhere. It goes to normal again. I conclude that Linux (Ubuntu 12.04) roaming profiles is not yet implemented in Samba4 RC2 - Centos 6.3.
>>
>> Other observation, Windows7 machine is not detected in the network, but WinXp and Ubuntu machines are visible.
>>
>> Any ideas how to implement roaming profile under Linux as the clients?
>>
>> Cheers,
>> Mario

Hi

It's working here with Version 4.0.0rc3-GIT-56ffe75

All we do to set up the roaming profile on Linux is to add the attribute:
profilePath: \\server\profiles\steve2
to the user DN entry in LDAP.

and whilst we're there we also map his windows home directory to his Linux home directory:
homeDrive: Z:
homeDirectory: \\server\home\steve2

Make sure that the profiles share is writeable by the users. We chmod 1777'd it.

HTH
Steve
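Steve's setup above leaves the root of the profiles share world-writable with the sticky bit (chmod 1777), so the per-user directories created underneath are what need checking. The audit script below is an added example, not part of the original thread; the function name audit_profiles_share is hypothetical, and it assumes GNU stat and profile directories named <user> or <user>.V<n>, as with Administrator and Administrator.V2 earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a [profiles] share root that was
# opened with "chmod 1777". Assumes GNU stat and directories named <user> or
# <user>.V<n>, like Administrator and Administrator.V2 in the thread.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Prints one line per finding. Returns 0 when clean, 1 when anything was
# found, 2 when the root itself cannot be examined.
audit_profiles_share() {
    root=$1
    findings=0

    root_mode=$(stat -c '%a' "$root" 2>/dev/null) || return 2
    # Sticky bit (01000): without it, anyone with write access to the root
    # can rename or delete another user's profile directory.
    if [ $((0$root_mode & 01000)) -eq 0 ]; then
        echo "ROOT mode=$root_mode: sticky bit missing"
        findings=$((findings + 1))
    fi

    for dir in "$root"/*; do
        name=${dir##*/}
        # A symlink inside a world-writable root can redirect profile writes.
        if [ -L "$dir" ]; then
            echo "SYMLINK $name"
            findings=$((findings + 1))
            continue
        fi
        [ -d "$dir" ] || continue

        mode=$(stat -c '%a' "$dir")
        owner=$(stat -c '%U' "$dir")
        owner=${owner##*\\}            # winbind may report DOMAIN\user
        expected=${name%.V[0-9]*}      # steve2.V2 -> steve2

        # In a 1777 root any account can create a directory under any name,
        # so a directory not owned by the account it is named after was
        # created by someone else. Account names compare case-insensitively.
        if [ "$(lower "$owner")" != "$(lower "$expected")" ]; then
            echo "OWNER $name owned by $owner, expected $expected"
            findings=$((findings + 1))
        fi
        # A profile directory should be accessible to its owner only.
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "MODE $name mode=$mode grants group/other access"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Run it as root on the file server against the directory behind the [profiles] share and review every line it prints.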
Re: [Samba] Roaming Profiles under Linux clients
Hi Mario,

> As I configured the Roaming profiles under linux, it more or less generate an abnormal operation (in less than 2 mins) if I add/copy some files to the home directory. But for Windows XP and Windows 7 is running smoothly and it generates folders at the Samba4 server location with corresponding users. e.g. Administrator (for XP), and Administrator.V2 (for Win7/2008) based on my observations.

I'm interested in the way you configured the roaming profile on the linux side. Did you use csync for the synchronisation? I've looked at it in the past and didn't find any straight away solution. Anyway, I guess there should be some kind of Administrator.linux profile directory on the server side since the ubuntu profile won't be compatible from windows to linux (those profiles are not even compatible between winxp and win7...)

Cheers,

Denis

> I was confused on roaming under linux (or maybe it was not yet supported), because once I login as the administrator (one account in Samba4 - AD user) in linux, adding (files to the desktop) or modifying (I used to move to the home directory). Then login to the Windows 7 and WinXP, it will NOT login when I see the logs of the server using -d3
>
> Kerberos: Client sent patypes: encrypted-timestamp, 128
> Kerberos: Looking for PKINIT pa-data -- administrator@UCHIHA
> Kerberos: Looking for ENC-TS pa-data -- administrator@UCHIHA
> Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA (enctype arcfour-hmac-md5) error Decrypt integrity check failed
> Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA
> Kerberos: AS-REQ administrator@UCHIHA from ipv4:192.168.150.135:3064 for krbtgt/UCHIHA@UCHIHA
>
> But for a few minutes, you can login again and this time it will display at the system tray (a dialog box) "User Profile Service There was a problem with your roaming profile. You have been logged on with your previously saved local profile. Please see the event logs for details or contact your administrator", but those files are just only few bytes (less than 1MB) just the pam.d files. The saved files are not located either of Windows XP or 7.
>
> auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> ntlm_password_check: NTLMv2 password check failed
> ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator
> ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user administrator
> auth_check_password_recv: sam_ignoredomain authentication for user [UCHIHA\administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
> schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/AMBOT-LINUX
> auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> Got a dns update request.
> Update not allowed for unsigned packet.
> Tkey handshake completed
> Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>
> But after a 20mins, coz I went somewhere. It goes to normal again. I conclude that Linux (Ubuntu 12.04) roaming profiles is not yet implemented in Samba4 RC2 - Centos 6.3.
>
> Other observation, Windows7 machine is not detected in the network, but WinXp and Ubuntu machines are visible.
>
> Any ideas how to implement roaming profile under Linux as the clients?
>
> Cheers,
> Mario

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.57
http://www.tranquil-it-systems.fr
[Samba] Roaming Profiles under Linux clients
Hi,

As I configured the Roaming profiles under linux, it more or less generate an abnormal operation (in less than 2 mins) if I add/copy some files to the home directory. But for Windows XP and Windows 7 is running smoothly and it generates folders at the Samba4 server location with corresponding users. e.g. Administrator (for XP), and Administrator.V2 (for Win7/2008) based on my observations.

I was confused on roaming under linux (or maybe it was not yet supported), because once I login as the administrator (one account in Samba4 - AD user) in linux, adding (files to the desktop) or modifying (I used to move to the home directory). Then login to the Windows 7 and WinXP, it will NOT login when I see the logs of the server using -d3

Kerberos: Client sent patypes: encrypted-timestamp, 128
Kerberos: Looking for PKINIT pa-data -- administrator@UCHIHA
Kerberos: Looking for ENC-TS pa-data -- administrator@UCHIHA
Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA (enctype arcfour-hmac-md5) error Decrypt integrity check failed
Kerberos: Failed to decrypt PA-DATA -- administrator@UCHIHA
Kerberos: AS-REQ administrator@UCHIHA from ipv4:192.168.150.135:3064 for krbtgt/UCHIHA@UCHIHA

But for a few minutes, you can login again and this time it will display at the system tray (a dialog box) "User Profile Service There was a problem with your roaming profile. You have been logged on with your previously saved local profile. Please see the event logs for details or contact your administrator", but those files are just only few bytes (less than 1MB) just the pam.d files. The saved files are not located either of Windows XP or 7.

auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
ntlm_password_check: NTLMv2 password check failed
ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator
ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user administrator
auth_check_password_recv: sam_ignoredomain authentication for user [UCHIHA\administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/AMBOT-LINUX
auth_check_password_send: Checking password for unmapped user [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
auth_check_password_send: mapped user is: [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
Got a dns update request.
Update not allowed for unsigned packet.
Tkey handshake completed
Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]

But after a 20mins, coz I went somewhere. It goes to normal again. I conclude that Linux (Ubuntu 12.04) roaming profiles is not yet implemented in Samba4 RC2 - Centos 6.3.

Other observation, Windows7 machine is not detected in the network, but WinXp and Ubuntu machines are visible.

Any ideas how to implement roaming profile under Linux as the clients?

Cheers,
Mario