Thread: samba: roaming profiles for winxp

  1. #1
    Join Date
    Jan 2009
    Posts
    10

    Default samba: roaming profiles for winxp

    Hello

    I am trying to set up samba using roaming profiles for win xp. My plan is to store those profiles on a separate partition /admin/profiles.
    Unfortunately, every time I want to log in, windows tells me that the path is broken or permissions might be denied and creates local temporary profiles.
    However, trying to create a folder by hand through the explorer works fine. So permissions should be set correctly.

    Here is my smb.conf:

    [global]
    netbios name = server
    workgroup = smb

    domain master = yes
    local master = yes
    preferred master = auto
    os level = 33

    passdb backend = tdbsam

    security = user

    domain logons = yes
    logon path = "\\%N\profiles\%U"
    logon home = "\\%N\%U\"
    #logon script = logon.cmd

    add machine script = /usr/sbin/useradd -s /bin/false "%u"
    #add user script = /usr/sbin/useradd "%u" -m
    #add group script = /usr/sbin/groupadd "%g"
    add user to group script = /usr/sbin/groupmod -A "%u" "%g"

    [netlogon]
    path = /admin/netlogon
    read only = yes

    [profiles]
    path = /admin/profiles
    read only = no
    create mask = 0600
    directory mask = 0700

    [homes]
    valid users = %U
    writeable = yes
    browseable = no

    [install]
    path = /admin/install
    readonly = no

    [databases]
    path = /databases
    readonly = no

    [public]
    path = /public
    readonly = no


    Thanks in advance,
    smdg

  2. #2
    PV NNTP User

    Default Re: samba: roaming profiles for winxp

    On Wed September 9 2009 08:26 am, smdg wrote:

    >
    > Hello
    >
    > I am trying to set up samba using roaming profiles for win xp. My plan
    > is to store those profiles on a separate partition /admin/profiles.
    > Unfortunately, every time I want to log in, windows tells me that
    > the path is broken or permissions might be denied and creates local
    > temporary profiles.
    > However, trying to create a folder by hand through the explorer
    > works fine. So permissions should be set correctly.
    >
    > Here is my smb.conf:
    >
    > [global]
    > netbios name = server
    > workgroup = smb
    >
    > domain master = yes
    > local master = yes
    > preferred master = auto
    > os level = 33
    >
    > passdb backend = tdbsam
    >
    > security = user
    >
    > domain logons = yes
    > logon path = "\\%N\profiles\%U"
    > logon home = "\\%N\%U\"
    > #logon script = logon.cmd
    >
    > add machine script = /usr/sbin/useradd -s /bin/false "%u"
    > #add user script = /usr/sbin/useradd "%u" -m
    > #add group script = /usr/sbin/groupadd "%g"
    > add user to group script = /usr/sbin/groupmod -A "%u" "%g"
    >
    > [netlogon]
    > path = /admin/netlogon
    > read only = yes
    >
    > [profiles]
    > path = /admin/profiles
    > read only = no
    > create mask = 0600
    > directory mask = 0700
    >
    > [homes]
    > valid users = %U
    > writeable = yes
    > browseable = no
    >
    > [install]
    > path = /admin/install
    > readonly = no
    >
    > [databases]
    > path = /databases
    > readonly = no
    >
    > [public]
    > path = /public
    > readonly = no
    >
    >
    > Thanks in advance,
    > smdg
    >
    >

    smdg;
    Try redoing the profile share as:
    Code:
    [profiles]
    path = /admin/profiles
    read only = no
    create mask = 0600
    directory mask = 0700
    store dos attributes = Yes
    browseable = No
    profile acls = Yes

    The important setting here is "profile acls"; the other two parameters I
    added are more style, but recommended. Make sure that /admin/profiles is
    world writable, or at least writable by every domain user.

    I would also suggest something like:
    Code:
    [homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    read only = No
    inherit acls = Yes
    browseable = No
    for the [homes] share. Please post back if this does not help. Good luck.
    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green
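
The reply above asks for /admin/profiles to be writable by every domain user while the share keeps `directory mask = 0700`. The following check is an added example, not part of the original thread; it assumes GNU stat and per-user directories named after the UNIX user (`%U`), and the function name `audit_profile_root` is made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Linux) and
# per-user profile directories named after the UNIX user (%U).

# Print findings for DIR; return 0 if clean, 1 if anything was flagged.
audit_profile_root() {
    root=$1
    rc=0
    [ -d "$root" ] || { echo "FAIL $root: not a directory"; return 1; }

    perm=$((0$(stat -c '%a' "$root")))   # octal mode as an integer
    if [ $((perm & 0022)) -eq 0 ]; then
        # Users need write access here to create their own profile directory.
        echo "FAIL $root: not group/world-writable, users cannot create profiles"
        rc=1
    elif [ $((perm & 01000)) -eq 0 ]; then
        echo "FAIL $root: shared-writable without the sticky bit," \
             "users can rename or delete each other's profile directories"
        rc=1
    fi

    for d in "$root"/*; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        owner=$(stat -c '%U' "$d")
        dperm=$((0$(stat -c '%a' "$d")))
        if [ "$owner" != "$name" ]; then
            echo "FAIL $d: owned by $owner, expected $name"
            rc=1
        fi
        if [ $((dperm & 0077)) -ne 0 ]; then
            echo "FAIL $d: group/other access, expected mode 0700"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh audit_profiles.sh /admin/profiles
[ "$#" -eq 0 ] || audit_profile_root "$1"
```

A root created with mode 1777, or 1770 with the domain users' group as group owner, passes the first check.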

  3. #3
    Join Date
    Jan 2009
    Posts
    10

    Default Re: samba: roaming profiles for winxp

    Thank you for your help, though adding those lines
    doesn't solve the problem.

    I don't know if there might be a connection, but when I change the following lines:

    #add user script = /usr/sbin/useradd "%u" -m
    #add group script = /usr/sbin/groupadd "%g"

    to be not commented, I still can't add a user by just
    using smbpasswd -a user ("Failed to modify password entry for user").
    I have to add the user by hand at first and later on I can create a samba-user. I thought these lines would manage the /etc/passwd.
    DUMB QUESTION: Could there be a permission problem between samba and the sys-utils (users and profile-directories can't be created)?
    pdbedit -L root prompts root:0:root

    Thank you!!!

  4. #4
    PV NNTP User

    Default Re: samba: roaming profiles for winxp

    On Thu September 10 2009 05:56 am, smdg wrote:

    >
    > Thank you for your help, though adding those lines
    > doesn't solve the problem.
    >
    > I don't know if there might be a connection, but when I change the
    > following lines:
    >
    > #add user script = /usr/sbin/useradd "%u" -m
    > #add group script = /usr/sbin/groupadd "%g"
    >
    > to be not commented, I still can't add a user by just
    > using smbpasswd -a user ("Failed to modify password entry for user").
    > I have to add the user by hand at first and later on I can create a
    > samba-user. I thought these lines would manage the /etc/passwd.
    > DUMB QUESTION: Could there be a permission problem between samba and
    > the sys-utils (users and profile-directories can't be created)?
    > pdbedit -L root prompts root:0:root
    >
    > Thank you!!!
    >

    smdg;
    This is from the smb.conf manual, note that the use of this script is for
    existing Windows NT users:

    add user script (G)

    This is the full pathname to a script that will be run AS ROOT by smbd(8)
    under special circumstances described below.

    Normally, a Samba server requires that UNIX users are created for all users
    accessing files on this server. For sites that use Windows NT account
    databases as their primary user database creating these users and keeping the
    user list in sync with the Windows NT PDC is an onerous task. This option
    allows smbd to create the required UNIX users ON DEMAND when a user accesses
    the Samba server.

    In order to use this option, smbd(8) must NOT be set to security = share and
    add user script must be set to a full pathname for a script that will create
    a UNIX user given one argument of %u, which expands into the UNIX user name
    to create.

    When the Windows user attempts to access the Samba server, at login (session
    setup in the SMB protocol) time, smbd(8) contacts the password server and
    attempts to authenticate the given user with the given password. If the
    authentication succeeds then smbd attempts to find a UNIX user in the UNIX
    password database to map the Windows user into. If this lookup fails, and add
    user script is set then smbd will call the specified script AS ROOT,
    expanding any %u argument to be the user name to create.

    If this script successfully creates the user then smbd will continue on as
    though the UNIX user already existed. In this way, UNIX users are dynamically
    created to match existing Windows NT accounts.

    See also security, password server, delete user script.

    Default: add user script =
    Example: add user script = /usr/local/samba/bin/add_user %u

    So this script kicks in only if the user is in an existing NT user database.

    As for saving profiles, I have run into cases where a network problem
    prevented the profiles from being uploaded from the server. After that
    Windows would only use a temporary profile, even if the network problem was
    corrected. The only way I could get around this is rather inelegant, but it
    worked.

    First remove the local profile from the Windows client (C:\Documents and
    Settings\[<username>|<username.domainname>]). Then delete the user in the
    registry at:
    [hkey_local_machine\software\microsoft\windows NT\currentversion\profilelist\]

    After this the user could log in with the profile from the server and
    everything worked. I'm sure there is a more elegant way to do this that does not
    involve "the jug and the sledge", but I never found it.
    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green
