LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 12-23-2004, 06:45 PM   #1
Ateo
Member
 
Registered: Sep 2004
Location: http://longbeach.ca.u$
Distribution: Ubuntu,Gentoo, OSX
Posts: 136

Rep: Reputation: 15
Smile [Resolved] :: Roaming profile permissions..


I'm trying to set up my samba server as PDC. So far, I'm able to login. The issue is the workstation cannot load either the roaming profile nor the local profile when I log into the domain.

So let's talk about making sure permissions are correct on the [profile] directory. Well, I'd love to chat about it but I have yet to find any examples that discusses the correct permissions of this directory. So, I've tried different combinations of owner, groups and permissions but non seem to work.

There is much inconsistancy in all of the examples I've run across so I'm weary of which example to follow and there isn't a single thread that has actually suggested that anyone has successfully got roaming profiles to work with samba. Sure, I've seen people claim it works but when I try some of their smb.conf parameters and nothing works, I'm lead to think... Can samba even perform the task of PDC?

I've been working on this for almost a week. I'm getting tired of diddling with it. I'd like someone to explain how samba is even remotely an alternative if it can't be made to work.

Anyways, I'm rambling on. I'm determined to get this working. Here's my conf
Code:
[global]
  ##
  ## Server Naming Options
  ##
  netbios name = shadow
  workgroup = XDRACCO
  server string = xDracco PDC [on Gentoo :: Samba server %v]

  ##
  ## Security and Domain Membership Options
  ##
  hosts allow = 192.168.4.0/24 127.0.0.0/8
  security = domain
  encrypt passwords = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  interfaces = lo eth0
  bind interfaces only = yes
  local master = yes
  os level = 65
  domain master = yes
  preferred master = yes
  null passwords = no
  hide unreadable = yes
  hide dot files = yes

  ##
  ## Domain Control Options
  ##
  domain logons = yes
  logon script = login.bat
  logon path = \\%L\profiles\%U
  logon drive = H:
  logon home = \\%L\%U\.9xprofile

  ##
  ## Name Resolution Options
  ##
  wins support = yes
  name resolve order = wins lmhosts hosts bcast
  dns proxy = no

  ##
  ## Misc Options
  ##
  time server = yes
  log file = /var/log/samba3/log.%m
  max log size = 50
  smb passwd file = /etc/samba/private/smbpasswd

  add user script = /usr/sbin/useradd -m %u
  delete user script = /usr/sbin/userdel =r %u
  add group script = /usr/sbin/groupadd %g
  delete group script = /usr/sbin/groupdel %g
  add user to group script = /usr/sbin/usermod -G %g %u
  add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u

  unix charset = ISO8859-1

  ;;net groupmap modify ntgroup="Domain Admins"  unixgroup=root
  ;;net groupmap modify ntgroup="Domain Users"   unixgroup=smbusers
  ;;net groupmap modify ntgroup="Domain Guests"  unixgroup=nobody
  ;; THESE DO NOT WORK, ANYONE KNOW WHY???

[netlogon]
  path = /var/lib/samba/netlogon
  public = no
  writeable = no
  browseable = no

[profiles]
  path = /var/lib/samba/profiles
  nt acl support = no
  csc policy = disable
  profile acls = no
  browseable = no
  read only = no
  default case = lower
  preserve case = no
  short preserve case = no
  case sensitive = no
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
  write list = @smbusers @root
  create mask = 0600
  directory mask = 0700

[homes]
  path = /home/%U
  browseable = no
  valid users = %S
  writable = yes
  guest ok = no
  inherit permissions = yes
Here are my permissions on relevant directories:
Code:
shadow samba # ls -l
total 0
drwxr-xr-x  3 root root 136 Dec 23 14:44 netlogon
drwxr-xr-x  7 root root 168 Dec 14 17:10 printers
drwx------  2 root root 136 Dec 23 10:26 private
drwxr-xr-x  4 root root 120 Dec 23 15:29 profiles
And my user profile (chmod 1757):
Code:
shadow profiles # ls -l
total 0
drwxr-xrwt  3 dracco users 72 Dec 23 15:15 dracco
The directories above are located in /var/lib/samba.

Here's my smbpasswd file:
Code:
mrwhite$:1006:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:098D646BA14259AAA6E386A1CE61C4E0:[W          ]:LCT-41CB4761:
dracco:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:74A37A09BC6380B97B4825DE7FD1EF80:[U          ]:LCT-41CB32C2:
root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FFC8FEC9189DD3278203EC837D977A0F:[U          ]:LCT-41CB472F:
bigtom:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:A4EE944C02878F8E95E8F824FA708A16:[U          ]:LCT-41CB48E1:
And finally, when I log in to the Win2k machine, I'm told that a copy of my profile exists on the server but cannot be loaded unless the directory is owned by the user or an Administrator. As you can see, I own my own folder.

I would also need to mention that the login.bat script is successfully executed on login. It successfully maps 3 of the shared drives (not listed in the conf above) and my home directory (/home/dracco).

Any help would be appreciated.

[edit]
This book is great help unfortunately, it's a little outdated. http://www.oreilly.com/catalog/samba...ook/index.html

Thanks

Last edited by Ateo; 12-23-2004 at 08:35 PM.
 
Old 12-23-2004, 08:35 PM   #2
Ateo
Member
 
Registered: Sep 2004
Location: http://longbeach.ca.u$
Distribution: Ubuntu,Gentoo, OSX
Posts: 136

Original Poster
Rep: Reputation: 15
So I figured it out. Apparently, the parameters under the scope [profiles] was too aggressive. I probably had some options listed not even available for/compiled into samba, I really don't know. But this is what did it for me.

I changed
Code:
[profiles]
  path = /var/lib/samba/profiles
  nt acl support = no
  csc policy = disable
  profile acls = yes
  browseable = yes
  create mode = 0700
  ;directory mode = 0700
  read only = no
  default case = lower
  preserve case = no
  short preserve case = no
  case sensitive = no
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
  write list = @smbusers @root
TO
Code:
[profiles]
  path = /var/lib/samba/profiles
  browseable = no
  writeable = yes
  default case = lower
  preserve case = no
  short preserve case = no
  case sensitive = no
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
  write list = @smbusers @root
  create mode = 0600
  directory mode = 0700
Also, these are the permissions set to my profiles share
Code:
shadow samba # ls -l /var/lib/samba
total 0
drwxr-xr-x  3 root root 136 Dec 23 14:44 netlogon
drwxr-xr-x  7 root root 168 Dec 14 17:10 printers
drwx------  2 root root 136 Dec 23 10:26 private
drwxr-xr-x  3 root root  96 Dec 23 15:42 profiles
shadow profiles # ls -l /var/lib/samba/profiles
total 0
drwxrwx---  13 dracco users 456 Dec 23 17:31 dracco
Hopefully this will help someone out as setting up samba as PDC with roaming profiles does really work.
 
Old 12-24-2004, 09:52 AM   #3
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
Code:
# part of being a PDC is providing domain logons
    domain logons = yes
    logon path = \\%N\profiles\%u
    logon drive = K:

...

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    valid users = %S

## these are for acting like a PDC
[netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    browseable = no
    read only = no
    valid users = %S

[profiles]
    path = /home/samba/profiles
    read only = no
    create mask = 0600
    directory mask = 0700
Those are the relevant parts of mine, roaming profiles DO work, I know because my fresh install of windows on a new machine had my desktop with all the dead links for software I didn't have installed.

If you set it up right with, I think, the logon path command you should be able to get it to serve the profiles from the user's home directories and then you should be OK with default file permissions.
 
Old 12-24-2004, 05:00 PM   #4
Ateo
Member
 
Registered: Sep 2004
Location: http://longbeach.ca.u$
Distribution: Ubuntu,Gentoo, OSX
Posts: 136

Original Poster
Rep: Reputation: 15
I was able to successfully get my PDC up and running. As such, I created a HOWTO (geared towards Gentoo users but any intermediate linux admins should be able to figure it out).

http://forums.gentoo.org/viewtopic.php?t=270569
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
non roaming profile on a roaming profile system fieldyweb Linux - Newbie 1 10-03-2005 12:27 PM
disable samba roaming profile egyptian Linux - Networking 1 08-04-2004 04:06 PM
Samba - Roaming profile problem wimdeg Linux - Software 3 11-03-2003 06:24 AM
Samba - Roaming Profile problem wimdeg Linux - Software 0 11-02-2003 03:39 PM
Roaming Profile Problem with Samba JoshT Linux - Networking 0 01-15-2003 01:52 PM


All times are GMT -5. The time now is 10:33 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration