I am trying to set up samba using roaming profiles for win xp. My plan is to store those profiles on a separate partition /admin/profiles.
Unfortunately, every time I want to log in, windows tells me that the path is broken or permissions might be denied and creates local temporary profiles.
However, trying to create a folder by hand, throughout the explorer works fine. So permissions should be set correctly.
Here is my smb.conf:
[global]
netbios name = server
workgroup = smb
domain master = yes
local master = yes
preferred master = auto
os level = 33
>
> Hello
>
> I am trying to set up samba using roaming profiles for win xp. My plan
> is to store those profiles on a separate partition /admin/profiles.
> Unfortunately, every time I want to log in, windows tells me that
> the path is broken or permissions might be denied and creates local
> temporary profiles.
> However, trying to create a folder by hand, throughout the explorer
> works fine. So permissions should be set correctly.
>
> Here is my smb.conf:
>
> [global]
> netbios name = server
> workgroup = smb
>
> domain master = yes
> local master = yes
> preferred master = auto
> os level = 33
>
> passdb backend = tdbsam
>
> security = user
>
> domain logons = yes
> logon path = "\%N\profiles%U"
> logon home = "\%N%U"
> #logon script = logon.cmd
>
> add machine script = /usr/sbin/useradd -s /bin/false "%u"
> #add user script = /usr/sbin/useradd "%u" -m
> #add group script = /usr/sbin/groupadd "%g"
> add user to group script = /usr/sbin/groupmod -A "%u" "%g"
>
> [netlogon]
> path = /admin/netlogon
> read only = yes
>
> [profiles]
> path = /admin/profiles
> read only = no
> create mask = 0600
> directory mask = 0700
>
> [homes]
> valid users = %U
> writeable = yes
> browseable = no
>
> [install]
> path = /admin/install
> readonly = no
>
> [databases]
> path = /databases
> readonly = no
>
> [public]
> path = /public
> readonly = no
>
>
> Thanks in advance,
> smdg
>
>
smdg;
Try redoing the profile share as:
[profiles]
path = /admin/profiles
read only = no
create mask = 0600
directory mask = 0700
store dos attributes = Yes
browseable = No
profile acls = Yes
The important setting here is “profile acls” , the other two parameters I
added are more style, but recommended. Make sure that /admin/profiles is
world writable, or at least writable by every domain user.
I would also suggest something like:
[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
browseable = No
for the [homes] share. Please post back if this does not help. Good luck.
P. V.
“We’re all in this together, I’m pulling for you.” Red Green
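Added example, not part of the thread and not Samba project code: a server-side check of the two things the reply above singles out, the "profile acls" setting in [profiles] and the mode of the profile root. The function names are made up here, smb.conf is read as plain text, and the sticky-bit check is an extra caveat (on a world-writable directory it keeps users from removing each other's profile folders).

```shell
#!/bin/sh
# Added example: audit the [profiles] share from this thread.
# Function names are made up here; smb.conf is read as text (no testparm).
LC_ALL=C; export LC_ALL

# share_param FILE SHARE PARAM: print PARAM's value inside [SHARE].
# Samba ignores case and blanks in parameter names, so compare normalised.
share_param() {
    awk -v share="$2" -v param="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            insec = (tolower(sec) == tolower(share)); next
        }
        insec && (eq = index($0, "=")) {
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(substr($0, 1, eq - 1)) == norm(param)) { found = val; hit = 1 }
        }
        END { if (!hit) exit 1; print found }
    ' "$1"
}

# profile_root_status DIR: users must be able to create their own profile
# directory; the sticky bit stops them removing each other's.
profile_root_status() {
    mode=$(stat -c '%a' "$1") || return 2
    m=$((0$mode))
    if [ $((m & 0022)) -eq 0 ]; then echo not-writable
    elif [ $((m & 01000)) -eq 0 ]; then echo writable-no-sticky
    else echo ok
    fi
}

# audit_profiles FILE: report the two things the reply says matter.
audit_profiles() {
    acls=$(share_param "$1" profiles "profile acls") || acls="(unset)"
    dir=$(share_param "$1" profiles path) || { echo "no [profiles] path"; return 1; }
    echo "profile acls = $acls"
    echo "$dir: $(profile_root_status "$dir")"
}

[ "$#" -eq 0 ] || audit_profiles "$1"
```

Run it on the server with the path to smb.conf as the only argument.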
Thank you for your help, though adding those lines
doesn’t solve the problem.
I don’t know if there might be a connection, but when I change the following lines:
#add user script = /usr/sbin/useradd "%u" -m
#add group script = /usr/sbin/groupadd "%g"
to be not commented, I still can’t add a user by just
using smbpasswd -a user. (“Failed to modify password entry for user”)
I have to add the user by hand at first and later on I can create a samba-user. I thought these lines would manage the /etc/passwd.
DUMB QUESTION: Could there be a permission problem between samba and the sys-utils (users and profile-directories can’t be created)?
pdbedit -L root prompts root:0:root
>
> Thank you for your help, though adding those lines
> doesn’t solve the problem.
>
>
>
>
> I don’t know if there might be a connection, but when I change the
> following lines:
>
> #add user script = /usr/sbin/useradd "%u" -m
> #add group script = /usr/sbin/groupadd "%g"
>
> to be not commented, I still can’t add a user by just
> using smbpasswd -a user. (“Failed to modify password entry for user”)
> I have to add the user by hand at first and later on I can create a
> samba-user. I thought these lines would manage the /etc/passwd.
> DUMB QUESTION: Could there be a permission problem between samba and
> the sys-utils (users and profile-directories can’t be created)?
> pdbedit -L root prompts root:0:root
>
> Thank you!!!
>
smdg;
This is from the smb.conf manual, note that the use of this script is for
existing Windows NT users:
add user script (G)
This is the full pathname to a script that will be run AS ROOT by smbd(8)
under special circumstances described below.
Normally, a Samba server requires that UNIX users are created for all users
accessing files on this server. For sites that use Windows NT account
databases as their primary user database creating these users and keeping the
user list in sync with the Windows NT PDC is an onerous task. This option
allows smbd to create the required UNIX users ON DEMAND when a user accesses
the Samba server.
In order to use this option, smbd(8) must NOT be set to security = share and
add user script must be set to a full pathname for a script that will create
a UNIX user given one argument of %u, which expands into the UNIX user name
to create.
When the Windows user attempts to access the Samba server, at login (session
setup in the SMB protocol) time, smbd(8) contacts the password server and
attempts to authenticate the given user with the given password. If the
authentication succeeds then smbd attempts to find a UNIX user in the UNIX
password database to map the Windows user into. If this lookup fails, and add
user script is set then smbd will call the specified script AS ROOT,
expanding any %u argument to be the user name to create.
If this script successfully creates the user then smbd will continue on as
though the UNIX user already existed. In this way, UNIX users are dynamically
created to match existing Windows NT accounts.
See also security, password server, delete user script.
Default: add user script =
Example: add user script = /usr/local/samba/bin/add_user %u
So this script kicks in only if the user is in an existing NT user database.
As for saving profiles, I have run into cases where a network problem
prevented the profiles from being uploaded from the server. After that
Windows would only use a temporary profile, even if the network problem was
corrected. The only way I could get around this is rather inelegant, but it
worked.
First remove the local profile from the Windows client
(C:\documents and settings\[<username>|<username.domainname>]). Then delete
the user in the registry at:
[hkey_local_machine\software\microsoft\windows NT\currentversion\profilelist]
After this the user could log in with the profile from the server and
everything worked. I’m sure there is a more elegant way to do this that does not
involve “the jug and the sledge”, but I never found it.
P. V.
“We’re all in this together, I’m pulling for you.” Red Green
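Added example, not part of the thread and not Samba project code: the manual excerpt above says smbd runs add user script as root with %u expanded from the logon name, so a wrapper can check that name before useradd sees it. The name policy, the DRY_RUN variable and the function names are assumptions; the two useradd invocations are the ones from the smb.conf posted in this thread.

```shell
#!/bin/sh
# Added example: wrapper for "add user script" / "add machine script".
# smbd runs it as root with the expanded %u as $1, so the name is checked
# before useradd sees it. Name policy and DRY_RUN are assumptions.
LC_ALL=C; export LC_ALL

# valid_unix_name NAME: 0 if NAME is 1-32 chars, starts with a lowercase
# letter or '_', continues with [a-z0-9_-], and ends with at most one '$'
# (machine accounts).
valid_unix_name() {
    base=${1%\$}
    [ -n "$base" ] && [ "${#1}" -le 32 ] || return 1
    case $base in
        [!a-z_]*)      return 1 ;;   # leading digit, '-', '.', '/' ...
        *[!a-z0-9_-]*) return 1 ;;   # ';', blanks, newline, extra '$' ...
    esac
    return 0
}

# add_account NAME: create the UNIX account the way the thread's smb.conf
# does (no shell for machines, home directory for users).
add_account() {
    if ! valid_unix_name "$1"; then
        echo "add_user: rejected account name" >&2
        return 1
    fi
    case $1 in
        *\$) set -- /usr/sbin/useradd -s /bin/false "$1" ;;
        *)   set -- /usr/sbin/useradd -m "$1" ;;
    esac
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

[ "$#" -eq 0 ] || add_account "$1"
```

With DRY_RUN set, the script prints the useradd command instead of running it, which is a safe way to see what a given name would do.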