Results 1 to 3 of 3

Thread: Samba: only domain admin can save profile

  1. #1
    Join Date
    Aug 2009
    Location
    Buenos Aires, Argentina
    Posts
    103

    Default Samba: only domain admin can save profile

    Hi all,

    As you know I'm trying to replace a 2k3 server with openSUSE. So far I was able to get working DHCP, DNS, SQUID and SAMBA with LDAP backend.

    Samba works ok login users and creating home and profile folders but somehow only the Domain Admin (administrator) account will automatically save the profile. The administrator account belongs to the ntadmins group while the rest of the users belong to ntusers group.

    When I change a common user from ntusers group to ntadmins the profile will save without problem. If I change it back to it's original group the profile will be read but not updated on log off.

    Folder permissions seems to be ok. The network share (\\pdc\profiles\.msprofile aka Z is being connected with no problem and all users can read and write from and to it.

    I double check all settings and I can't figure out what the problem is. Any ideas will be much appreciated, as always,

    Pancho
    openSUSE | Think correctly

  2. #2
    Join Date
    Nov 2009
    Location
    ND, USA
    Posts
    1,131

    Default Re: Samba: only domain admin can save profile

    On Mon April 4 2011 12:06 pm, Panchux wrote:

    >
    > Hi all,
    >
    > As you know I'm trying to replace a 2k3 server with openSUSE. So far I
    > was able to get working DHCP, DNS, SQUID and SAMBA with LDAP backend.
    >
    > Samba works ok login users and creating home and profile folders but
    > somehow only the Domain Admin (administrator) account will automatically
    > save the profile. The administrator account belongs to the ntadmins
    > group while the rest of the users belong to ntusers group.
    >
    > When I change a common user from ntusers group to ntadmins the profile
    > will save without problem. If I change it back to it's original group
    > the profile will be read but not updated on log off.
    >
    > Folder permissions seems to be ok. The network share
    > (\\pdc\profiles\.msprofile aka Z is being connected with no problem
    > and all users can read and write from and to it.
    >
    > I double check all settings and I can't figure out what the problem is.
    > Any ideas will be much appreciated, as always,
    >
    > Pancho
    >
    >

    Pancho;

    Please post the contents of the [profiles] share. Make sure the nix
    permissions allow writing by the users.
    While you're debugging this you might try to raise the log level for Samba.
    Add to the global section of /etc/samba/smb.conf the parameter:
    Code:
    log level = 3
    Check for errors in /var/log/samba/log.smbd. Or the location you redirected
    logging in your smb.conf.

    You might also want to check to see if AppArmor is getting in the way. I've
    turned AppArmor off on our PDC. I don't recall it interfering with profiles
    but it has probably always been off.
    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

  3. #3
    Join Date
    Aug 2009
    Location
    Buenos Aires, Argentina
    Posts
    103

    Default Re: Samba: only domain admin can save profile

    venzkep, thank you for your input.

    Finally I've found the problem!
    When I created the groups (ntusers and ntadmins) I changed the their SIDs as follows:

    ntadmins >> xxxxxxxxxxxxxxx-512
    ntusers >> xxxxxxxxxxxxxxx-514

    So the SID corresponding to ntusers were actually the one assigned for guests. Guests have mandatory profiles so no changes are saved to the Samba server.
    What I should have done is:

    ntadmins >> xxxxxxxxxxxxxxx-512
    ntusers >> xxxxxxxxxxxxxxx-513
    ntguests >> xxxxxxxxxxxxxxx-514

    Now I have a server with the following services working correctly:

    DHCP
    DNS
    Squid
    Samba (roaming profiles)

    Only thing left is NFS so I can mount an NFS share over the linux client's home directories. But this is not a must since I can use rsync to sync home diectories with a backup share. I would like to save them at log off but have no idea if that's possible.

    Thanks again,

    Pancho
    openSUSE | Think correctly

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •