Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 04.08.2011 12:09, schrieb J. Echter: Am 03.08.2011 18:43, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Tue, 02 Aug 2011 14:12:05 +0200 I thought im done setting domain to WORKGROUP, as its set in smbldap.conf. I don't get why smbldap tools thinks im on a domain called BDC. Would it help if i post some output from pdbedit or stuff like that? I really don't get where this error comes from. Have you set the SID same as PDC on BDC? For example - bdc# net rpc getsid Storing SID S-1-5-21-2535719703-1779805756-2758924810 for Domain DomanName in secrets.tdb - Remembet that before running the command, you have to set smb.conf correctly as BDC. here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 You have to set domain logons = yes to make this machine act as BDC. And are you running Winbind? If not, idmap backend/uid/gid does not mean anything. there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. Have you correctly set nss-ldap on BDC? For example /etc/nss_ldap.conf getent passwda-user-created-on-PDC on BDC shows his entry? --- TAKAHASHI Motonobumo...@samba.gr.jp ok, im sorry. im stupid. i overlooked that i disabled domain logons... now its showing the right domain with pdbedit -v thanks a lot. now im trying to logon again... cheers. so, i now have nsswitch, ldap and samba working... almost :) i added an test user, and created a testshare with valid users = test pdbedit -v test (all on bdc, users created on pdc) Unix username:test NT username: test Account Flags:[U ] User SID: S-1-5-21-3842863818-2180709222-141296495-3178 Primary Group SID:S-1-5-21-3842863818-2180709222-141296495-513 Full Name:test Home Directory: \\mule\test HomeDir Drive:H: Logon Script: test.bat Profile Path: \\mule\profile\test Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Fr, 05 Aug 2011 08:49:26 CEST Password can change: Fr, 05 Aug 2011 08:49:26 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF getent passwd: test:x:1089:513:System User:/home/test:/bin/false getent group: Domain Admins:*:512:Administrator Domain Users:*:513: Domain Guests:*:514: Domain Computers:*:515: if i try to access the share, windows xp keeps asking for my password. /var/log/samba/log.smbd tells me: pdb_get_group_sid: Failed to find Unix account for test [2011/08/05 09:44:02, 0] auth/auth_sam.c:355(check_sam_security) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' whats wrong now? thanks for helping me. still lost. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 03.08.2011 18:43, schrieb TAKAHASHI Motonobu: net rpc getsid hi, yes i did this step and just repeated it to be sure. sudo net rpc getsid bdc: [sudo] password for bdc: Storing SID S-1-5-21-3842863818-2180709222-141296495 for Domain WORKGROUP in secrets.tdb pdc: sudo smbldap-useradd -a test bdc: pdbedit -v test Unix username:test NT username: test Account Flags:[UX ] User SID: S-1-5-21-3842863818-2180709222-141296495-3174 Primary Group SID:(NULL SID) Full Name:test Home Directory: \\pdc\test HomeDir Drive:H: Logon Script: test.bat Profile Path: \\pdc\profiles\test Domain: BDC Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:0 Password can change: 0 Password must change: 0 Last bad password : 0 Bad password count : 0 Logon hours : FF im completely lost, as you surely mentioned :) greetings and thanks juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 03.08.2011 18:43, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Tue, 02 Aug 2011 14:12:05 +0200 I thought im done setting domain to WORKGROUP, as its set in smbldap.conf. I don't get why smbldap tools thinks im on a domain called BDC. Would it help if i post some output from pdbedit or stuff like that? I really don't get where this error comes from. Have you set the SID same as PDC on BDC? For example - bdc# net rpc getsid Storing SID S-1-5-21-2535719703-1779805756-2758924810 for Domain DomanName in secrets.tdb - Remembet that before running the command, you have to set smb.conf correctly as BDC. here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 You have to set domain logons = yes to make this machine act as BDC. And are you running Winbind? If not, idmap backend/uid/gid does not mean anything. there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. Have you correctly set nss-ldap on BDC? For example /etc/nss_ldap.conf getent passwda-user-created-on-PDC on BDC shows his entry? --- TAKAHASHI Motonobumo...@samba.gr.jp ok, im sorry. im stupid. i overlooked that i disabled domain logons... now its showing the right domain with pdbedit -v thanks a lot. now im trying to logon again... cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 02.08.2011 14:54, schrieb J. Echter: Am 02.08.2011 14:40, schrieb Julien Celle: Le 02/08/2011 14:22, J. Echter a écrit : Am 02.08.2011 14:06, schrieb Julien Celle: pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. oh i forgot, profiles are on \\pdc. cheers. Hi, There may be a problem trying to access your profiles on \\pdc while authenticating against \\bdc. Your users try to access a share without giving your PDC credentials it can validate. Try moving your profile for your user test to \\bdc\profile... You could also post your whole smb.conf for your BDC. Cheers, Julien. first both of my configs... BDC: [global] domain master = no domain logons = yes passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes printing = bsd netbios name = BDC server string = BDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d PDC: [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody ## LDAP passdb backend = ldapsam:ldap://127.0.0.1 idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add user script = /usr/sbin/smbldap-useradd -a '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -a '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' local master = yes preferred master = yes domain master = yes domain logons = yes logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d atm i have domain logons = no, to avoid negative interaction with my running pdc. hope this helps. ok, what i know now :) there get's a second domain added to ldap directory if i, for example, add an user on pdc and do a pdbedit -v an-user i have a second SambaDomainName in my ldap tree. This one is called the same as my bdc is configured in its smb.conf. is it forbidden to name the server bdc or similar? i have set workgroup = workgroup in smb.conf on pdc and bdc. im lost with this... thanks juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
From: J. Echter j.ech...@elektro-mayer-echter.de Date: Tue, 02 Aug 2011 14:12:05 +0200 I thought im done setting domain to WORKGROUP, as its set in smbldap.conf. I don't get why smbldap tools thinks im on a domain called BDC. Would it help if i post some output from pdbedit or stuff like that? I really don't get where this error comes from. Have you set the SID same as PDC on BDC? For example - bdc# net rpc getsid Storing SID S-1-5-21-2535719703-1779805756-2758924810 for Domain DomanName in secrets.tdb - Remembet that before running the command, you have to set smb.conf correctly as BDC. here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 You have to set domain logons = yes to make this machine act as BDC. And are you running Winbind? If not, idmap backend/uid/gid does not mean anything. there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. Have you correctly set nss-ldap on BDC? For example /etc/nss_ldap.conf getent passwd a-user-created-on-PDC on BDC shows his entry? --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 25.07.2011 14:38, schrieb J. Echter: Am 22.07.2011 17:48, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Thu, 21 Jul 2011 08:51:25 +0200 Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: hi, tried all your hints. still now profiles found... H... My testing environment is available at ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip In this environment, 1) # chmod 1777 /var/lib/samba/shares/profiles 2) changing hide files and profiles acls same as yours 3) # pdbedit -p \\sambapdc\profiles\username username 4) Logging on as the user, roaming profiles is successfully created. I'm using ldapsam:editposix instead of smbldap-tools, so this may not help you... --- TAKAHASHI Motonobumo...@samba.gr.jp Hi, there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. something with nsswitch seems configured wrong, imho. i get an error like 'no unix account found'. i will post the details about that later, i have to wait till i can switch the smb.conf again. cheers juergen. hi, i'm back :) but still the old problem. i have my tdbsam server running, i set up another samba server, without domain logons. i added a user 'test' to my ldap db. i added this user on the main pdc with smbldap-useradd sudo pdbedit -v test on my new test machine tells me: Unix username:test NT username: test Account Flags:[U ] User SID: S-1-5-21-3842863818-2180709222-141296495-3166 Primary Group SID:(NULL SID) Full Name:test Home Directory: \\pdc\test HomeDir Drive:H: Logon Script: test.bat Profile Path: \\pdc\profiles\test Domain: BDC Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Fr, 22 Jul 2011 23:33:55 CEST Password can change: Fr, 22 Jul 2011 23:33:55 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF i wonder because my domain is called workgroup, not bdc. BDC is the name of the machine, not the domain. if im using this user to logon, it isn't found. phpldapadmin also shows a line like: sambaDomainName=BDC http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3DBDC%2Cdc%3Dworkgroup%2Cdc%3Dlocal sambaDomainName=workgroup http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3Dworkgroup%2Cdc%3Dworkgroup%2Cdc%3Dlocal here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes printing = bsd netbios name = BDC server string = BDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d my smbldap config is the following: sambaDomain=workgroup suffix=dc=workgroup,dc=local userProfile=\\pdc\profiles\%U nsswitch.conf: passwd: files ldap shadow: files ldap group: files ldap hosts: files wins dns networks: files dns protocols: db files services: db files ethers: db files rpc:db files netgroup: nis i hope somebody can tell me whats going on. i'm completely lost since a while :) thanks a nice day to all. juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
First of all, there is a problem between your samba conf and the output of pdbedit : your server netbios name is defined in your smb.conf as 'BDC' and your workgroup/domain as 'workgroup' whereas the pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. Setting those correctly to the same values should help. Le 02/08/2011 13:08, J. Echter a écrit : Am 25.07.2011 14:38, schrieb J. Echter: Am 22.07.2011 17:48, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Thu, 21 Jul 2011 08:51:25 +0200 Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: hi, tried all your hints. still now profiles found... H... My testing environment is available at ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip In this environment, 1) # chmod 1777 /var/lib/samba/shares/profiles 2) changing hide files and profiles acls same as yours 3) # pdbedit -p \\sambapdc\profiles\username username 4) Logging on as the user, roaming profiles is successfully created. I'm using ldapsam:editposix instead of smbldap-tools, so this may not help you... --- TAKAHASHI Motonobumo...@samba.gr.jp Hi, there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. something with nsswitch seems configured wrong, imho. i get an error like 'no unix account found'. i will post the details about that later, i have to wait till i can switch the smb.conf again. cheers juergen. hi, i'm back :) but still the old problem. i have my tdbsam server running, i set up another samba server, without domain logons. i added a user 'test' to my ldap db. i added this user on the main pdc with smbldap-useradd sudo pdbedit -v test on my new test machine tells me: Unix username: test NT username: test Account Flags: [U ] User SID: S-1-5-21-3842863818-2180709222-141296495-3166 Primary Group SID: (NULL SID) Full Name: test Home Directory: \\pdc\test HomeDir Drive: H: Logon Script: test.bat Profile Path: \\pdc\profiles\test Domain: BDC Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: Fr, 22 Jul 2011 23:33:55 CEST Password can change: Fr, 22 Jul 2011 23:33:55 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF i wonder because my domain is called workgroup, not bdc. BDC is the name of the machine, not the domain. if im using this user to logon, it isn't found. phpldapadmin also shows a line like: sambaDomainName=BDC http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3DBDC%2Cdc%3Dworkgroup%2Cdc%3Dlocal sambaDomainName=workgroup http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3Dworkgroup%2Cdc%3Dworkgroup%2Cdc%3Dlocal here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes printing = bsd netbios name = BDC server string = BDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d my smbldap config is the following: sambaDomain=workgroup suffix=dc=workgroup,dc=local userProfile=\\pdc\profiles\%U nsswitch.conf: passwd: files ldap shadow: files ldap group: files ldap hosts: files wins dns networks: files dns protocols: db files services: db files ethers: db files rpc: db files netgroup: nis i hope somebody can tell me whats going on. i'm completely lost since a while :) thanks a nice day to all. juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 02.08.2011 14:06, schrieb Julien Celle: First of all, there is a problem between your samba conf and the output of pdbedit : your server netbios name is defined in your smb.conf as 'BDC' and your workgroup/domain as 'workgroup' whereas the pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. Setting those correctly to the same values should help. Le 02/08/2011 13:08, J. Echter a écrit : Am 25.07.2011 14:38, schrieb J. Echter: Am 22.07.2011 17:48, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Thu, 21 Jul 2011 08:51:25 +0200 Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: hi, tried all your hints. still now profiles found... H... My testing environment is available at ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip In this environment, 1) # chmod 1777 /var/lib/samba/shares/profiles 2) changing hide files and profiles acls same as yours 3) # pdbedit -p \\sambapdc\profiles\username username 4) Logging on as the user, roaming profiles is successfully created. I'm using ldapsam:editposix instead of smbldap-tools, so this may not help you... --- TAKAHASHI Motonobumo...@samba.gr.jp Hi, there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. something with nsswitch seems configured wrong, imho. i get an error like 'no unix account found'. i will post the details about that later, i have to wait till i can switch the smb.conf again. cheers juergen. hi, i'm back :) but still the old problem. i have my tdbsam server running, i set up another samba server, without domain logons. i added a user 'test' to my ldap db. i added this user on the main pdc with smbldap-useradd sudo pdbedit -v test on my new test machine tells me: Unix username: test NT username: test Account Flags: [U ] User SID: S-1-5-21-3842863818-2180709222-141296495-3166 Primary Group SID: (NULL SID) Full Name: test Home Directory: \\pdc\test HomeDir Drive: H: Logon Script: test.bat Profile Path: \\pdc\profiles\test Domain: BDC Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: Fr, 22 Jul 2011 23:33:55 CEST Password can change: Fr, 22 Jul 2011 23:33:55 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF i wonder because my domain is called workgroup, not bdc. BDC is the name of the machine, not the domain. if im using this user to logon, it isn't found. phpldapadmin also shows a line like: sambaDomainName=BDC http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3DBDC%2Cdc%3Dworkgroup%2Cdc%3Dlocal sambaDomainName=workgroup http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3Dworkgroup%2Cdc%3Dworkgroup%2Cdc%3Dlocal here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes printing = bsd netbios name = BDC server string = BDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d my smbldap config is the following: sambaDomain=workgroup suffix=dc=workgroup,dc=local userProfile=\\pdc\profiles\%U nsswitch.conf: passwd: files ldap shadow: files ldap group: files ldap hosts: files wins dns networks: files dns protocols: db files services: db files ethers: db files rpc: db files netgroup: nis i hope somebody can tell me whats going on. i'm completely lost since a while :) thanks a nice day to all. juergen. Hi, my PDC has netbios name PDC and domain WORKGROUP, this one works (but not with LDAP) i setup this box called BDC (i want to integrate it as BDC later on) I thought im done setting domain to WORKGROUP, as its set in smbldap.conf. I don't get why smbldap tools thinks im on a domain called BDC. Would it help if i post some output from pdbedit or stuff like that? I really don't get where this error comes from. thanks for helping greetings juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 02.08.2011 14:06, schrieb Julien Celle: pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. oh i forgot, profiles are on \\pdc. cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Le 02/08/2011 14:22, J. Echter a écrit : Am 02.08.2011 14:06, schrieb Julien Celle: pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. oh i forgot, profiles are on \\pdc. cheers. Hi, There may be a problem trying to access your profiles on \\pdc while authenticating against \\bdc. Your users try to access a share without giving your PDC credentials it can validate. Try moving your profile for your user test to \\bdc\profile... You could also post your whole smb.conf for your BDC. Cheers, Julien. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 02.08.2011 14:40, schrieb Julien Celle: Le 02/08/2011 14:22, J. Echter a écrit : Am 02.08.2011 14:06, schrieb Julien Celle: pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. oh i forgot, profiles are on \\pdc. cheers. Hi, There may be a problem trying to access your profiles on \\pdc while authenticating against \\bdc. Your users try to access a share without giving your PDC credentials it can validate. Try moving your profile for your user test to \\bdc\profile... You could also post your whole smb.conf for your BDC. Cheers, Julien. first both of my configs... BDC: [global] domain master = no domain logons = yes passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes printing = bsd netbios name = BDC server string = BDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d PDC: [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody ## LDAP passdb backend = ldapsam:ldap://127.0.0.1 idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add user script = /usr/sbin/smbldap-useradd -a '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -a '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' local master = yes preferred master = yes domain master = yes domain logons = yes logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d atm i have domain logons = no, to avoid negative interaction with my running pdc. hope this helps. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 22.07.2011 17:48, schrieb TAKAHASHI Motonobu: From: J. Echter j.ech...@elektro-mayer-echter.de Date: Thu, 21 Jul 2011 08:51:25 +0200 Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: hi, tried all your hints. still now profiles found... H... My testing environment is available at ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip In this environment, 1) # chmod 1777 /var/lib/samba/shares/profiles 2) changing hide files and profiles acls same as yours 3) # pdbedit -p \\sambapdc\profiles\username username 4) Logging on as the user, roaming profiles is successfully created. I'm using ldapsam:editposix instead of smbldap-tools, so this may not help you... --- TAKAHASHI Motonobu mo...@samba.gr.jp Hi, there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. something with nsswitch seems configured wrong, imho. i get an error like 'no unix account found'. i will post the details about that later, i have to wait till i can switch the smb.conf again. cheers juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
From: J. Echter j.ech...@elektro-mayer-echter.de Date: Thu, 21 Jul 2011 08:51:25 +0200 Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: hi, tried all your hints. still now profiles found... H... My testing environment is available at ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip In this environment, 1) # chmod 1777 /var/lib/samba/shares/profiles 2) changing hide files and profiles acls same as yours 3) # pdbedit -p \\sambapdc\profiles\username username 4) Logging on as the user, roaming profiles is successfully created. I'm using ldapsam:editposix instead of smbldap-tools, so this may not help you... --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Wed, 20 Jul 2011 17:58:34 +0200 i've finally have my LDAP backend working for authentication for my DC. Logon scripts are executed, user is authenticated, but my roaming profiles are not found. here is what i have in my config files: (snip) hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ Try to comment this line. [profile] path = /bacula/samba/profile This path has valid permission? guest ok = yes Try to remove guest ok line. And actually pdbedit -v a-user shows valid profile path? --- TAKAHASHI Motonobumo...@monyo.com hi, tried all your hints. still now profiles found... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Hai, a working profile share.. [profiles] path = /bacula/samba/profile comment = Profiel enviroment. read only = no create mask = 0600 directory mask = 0700 browseable = Yes guest ok = Yes csc policy = disable force user = %U # next line allows administrator to access all profiles valid users = %U @Domain Admins good luck. -Oorspronkelijk bericht- Van: j.ech...@elektro-mayer-echter.de [mailto:samba-boun...@lists.samba.org] Namens J. Echter Verzonden: 2011-07-20 18:21 Aan: samba@lists.samba.org Onderwerp: Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: [profile] path = /bacula/samba/profile This path has valid permission? drwxrwxrwt 21 root root 4096 Jul 7 09:48 profile And actually pdbedit -v a-user shows valid profile path? pdbedit -v klaudia Full Name:klaudia Home Directory: \\pdc\klaudia HomeDir Drive:H: Logon Script: klaudia.bat Profile Path: \\pdc\profile\klaudia Domain: WORKGROUP cheers juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 21.07.2011 11:33, schrieb L.P.H. van Belle: Hai, a working profile share.. [profiles] path = /bacula/samba/profile comment = Profiel enviroment. read only = no create mask = 0600 directory mask = 0700 browseable = Yes guest ok = Yes csc policy = disable force user = %U # next line allows administrator to access all profiles valid users = %U @Domain Admins good luck. i'll try with this one and will report back. thanks juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Hi, i've finally have my LDAP backend working for authentication for my DC. Logon scripts are executed, user is authenticated, but my roaming profiles are not found. here is what i have in my config files: smb.conf [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody ## LDAP passdb backend = ldapsam:ldap://127.0.0.1 idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add user script = /usr/sbin/smbldap-useradd -a '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -a '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' local master = yes preferred master = yes domain master = yes domain logons = yes logon path = \\%L\profile\%U logon script = %U.bat logon drive = H: hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ panic action = /usr/share/samba/panic-action %d #=== Share Definitions === [homes] comment = Home Directories browseable = no writeable = yes [profile] comment = Profildateien path = /bacula/samba/profile guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes profile acls = yes [netlogon] comment = Network Logon Service path = /bacula/samba/netlogon guest ok = yes writeable = no share modes = no browseable = no smbldap.conf userHome=/home/%U (also tried \\pdc\%U) userSmbHome=\\pdc\%U userProfile=\\pdc\profile\%U userHomeDrive=H: userScript=%U.bat what is it what i am overlooking? many thanks and greets juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
From: J. Echter j.ech...@elektro-mayer-echter.de Date: Wed, 20 Jul 2011 17:58:34 +0200 i've finally have my LDAP backend working for authentication for my DC. Logon scripts are executed, user is authenticated, but my roaming profiles are not found. here is what i have in my config files: (snip) hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ Try to comment this line. [profile] path = /bacula/samba/profile This path has valid permission? guest ok = yes Try to remove guest ok line. And actually pdbedit -v a-user shows valid profile path? --- TAKAHASHI Motonobu mo...@monyo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: [profile] path = /bacula/samba/profile This path has valid permission? drwxrwxrwt 21 root root 4096 Jul 7 09:48 profile And actually pdbedit -v a-user shows valid profile path? pdbedit -v klaudia Full Name:klaudia Home Directory: \\pdc\klaudia HomeDir Drive:H: Logon Script: klaudia.bat Profile Path: \\pdc\profile\klaudia Domain: WORKGROUP cheers juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba