LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-01-2003, 04:28 PM   #1
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Rep: Reputation: 30
Samba as a PDC+ Roaming Profiles...


Hello. I will make this really quick and brief.

Anyone here, setup samba as a PDC with roaming profiles?

I am having problems implementing roaming profiles. Specifically, if I log in to one machine with a user account, make some changes I then log off. Now, If i go to another machine, log in with the same user account, I do not see the modifications I made on the desktop.

Anyone have any ideas?

Tarballed
 
Old 05-01-2003, 05:26 PM   #2
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
I have it working (although to be honest I have not tested it thoroghly) but I am not sure my solution is any better, each time a user logs on even if there are no changes between the local documents and settings folder and the remote store on samba it copies everything across. So it can take up to 15 minutes to log on for some peeps.

We don't really take advantage of roaming profiles anyway so I have never looked at the problem in more detail, haven't had to. I am happy to post my smb.conf file though if you want it.
 
Old 05-01-2003, 05:47 PM   #3
MetalStorm
LQ Newbie
 
Registered: Mar 2003
Location: UK
Distribution: Fedora Core 6
Posts: 8

Rep: Reputation: 0
have you read this:
http://www-1.ibm.com/servers/esdd/tu...mba/index.html

have you joined all your computers to the domain?

and what OS are the clients running?
i'm not sure if it works too well with win95/98/me better of with win2k.

hope that was of some help

-stu
 
Old 05-01-2003, 06:15 PM   #4
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Original Poster
Rep: Reputation: 30
Alright. Couple of quick things.

All clients are running Windows 2000 Professional.

The link that was posted, is a great link and I have used it very well.

Let's chat a bit about roaming profiles.

Obviously, there are plusses and minuses to using roaming profiles.

One thing I want to ask regarding using Samba as a PDC.

If I do not use Roaming profiles, can I still use things like group policy, policies, etc. so I can push out permissions and software?

I was under the impression that roaming profiles are required in order to use policy. Any validity on that?

Thanks.

Tarballed
 
Old 05-01-2003, 08:27 PM   #5
gromer
Member
 
Registered: Feb 2003
Location: Germany / Schwetzingen
Distribution: (K)ubuntu, Debian seldom SuSE
Posts: 76

Rep: Reputation: 15
Hey !

I am using Win XP Prof. and I am using Roaming as well. It works quite okay (well if you take into account that it is from Microsoft ...)
In order to reduce the network traffic due to synchronisation we store our data in a document folder on the server. The only files that need to be synchronized are the (Outlok Express) emails (which need to be moved from the default location as they are otherwise not synchronized).
If you have trouble with roaming, check that your client has write permissions to the profile directory.
One nuicance is that Windows places many useless desktop.ini files in various loactions (e.g. autostart) that need to be removed after the first login.

I can provide you with my smb.conf If you like (not that it is very cool, I am a newbee too)

Regards
Stephan
 
Old 05-01-2003, 09:51 PM   #6
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Original Poster
Rep: Reputation: 30
Thanks groomer. Yes, that would be great if I could take a look at your smb.conf file. I will post mine tomorrow when I get back to work.

Also, I will see if we cant figure out a process on how to get the profiles to work correctly. Maybe a step by step flowing process.

BUt yes, I do appreciate all your help.

Tarballed
 
Old 05-01-2003, 10:46 PM   #7
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
below is my smb.conf (had to wait till I got to work) with most of the shares removed for space reasons. I actually found a bug today that was causing my slow down problems and now it seems to run peachy. I have win 2k, win xp, win 98 and win me machines here all worksing well.

so without further dealy

[global]
; Basic server settings
netbios name = VIMES
workgroup = SMARTS
; we should act as the domain and local master browser
os level = 64
preferred master = yes
domain master = yes
local master = yes
; security settings (must user security = user)
security = user
; encrypted passwords are a requirement for a PDC
encrypt passwords = yes
; support domain logons
domain logons = yes
; where to store user profiles?
logon path = \\%N\profiles\%u
; where is a user's home directory and where should it
; be mounted at?
logon drive = H:
logon home = \\%N\home\%u
; specify a generic logon script for all users
; this is a relative **DOS** path to the [netlogon] share
logon script = %U.bat
#logon script = logon.cmd
; necessary share for domain controller
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
; sync password to passwd file
unix password sync = yes
; all full read / write access to all newly created dirs and files
create mask = 0777
directory mask = 0777
; printer details
print command = lpr -P %p -o raw %s
load printers = yes
printing = cups
printcap = cups
printer admin = @printadmin
[netlogon]
path = /export/smb/netlogon
read only = yes
write list = ntadmin
; share for storing user profiles
[profiles]
path = /export/smb/ntprofiles
read only = no
#create mask = 0600
#directory mask = 0704

I read in docs somewhere that login.cmd was required for nt but certainly didn't work for me, hence the %U.bat

hope this helps
 
Old 05-02-2003, 02:17 AM   #8
lazer66
LQ Newbie
 
Registered: Apr 2003
Posts: 7

Rep: Reputation: 0
My smb.conf

This is my smb.conf and it's working perfect with roaming profiles and all.
I'm a newbie too !!!

[global]
netbios name = w2kserver
workgroup = HEMMA
os level = 64
preferred master = yes
domain master = yes
local master = yes
security = user
hide unreadable = yes
hide dot files = yes
time server = yes
wins support = yes
encrypt passwords = yes
domain logons = yes
logon path = \\%L\profiles\%a\%U
logon drive = Z:
logon home = \\%L\%U\profiles
logon script = %U.bat
# guest account = nobody


[netlogon]
path = /home/netlogon
writable = no
write list = (system users)

[profiles]
path = /home/profiles
writable = yes
# create mask = 0600
# directory mask = 0700

[home]
comment = Home dir
path = /home/%u
writable = yes
valid users = (system users)
public = no
hide dot files = yes
map to guest = bad user
 
Old 05-02-2003, 02:24 AM   #9
lazer66
LQ Newbie
 
Registered: Apr 2003
Posts: 7

Rep: Reputation: 0
Changes in win2000/xp

You also need to do some changes in start/settings/controllpanel/Localpolicy/ and ther in local you got 4-5 settings who starts with Domain.... these should be set to disable.
 
Old 05-02-2003, 11:57 AM   #10
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Original Poster
Rep: Reputation: 30
Alright, here is my smb.conf. Let me know what you think or if you see any problems:

Code:
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   ;Basic inital test settings
   netbios name = smbtest
   workgroup = disneyland

   ;PDC and Master browser settings
   preferred master = yes
   local master = yes
   domain master = yes
   os level = 65

   ;security and logging settings
   security = user
   encrypt passwords = yes
   domain logons = yes
   ;log file = /var/log/samba/log.%m
   ;log level = 2
   ;max log size = 50
   ;hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0

   ;logon paths
   logon path = \\%L\profiles\%u\%m
   logon script = logon.bat

   logon drive = H:

[netlogon]
   path = /home/netlogon
   writable = no
   browsable = no

[profiles]
   path = /home/samba/profiles
   browsable = no
   writable = yes
   create mask = 0600
   directory mask = 0700

[homes]
   read only = yes
   browsable = no
   guest ok = no
   map archive = yes

   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

   pam password change = yes
Suggestions? thoughts?

Tarballed
 
Old 05-02-2003, 03:22 PM   #11
lazer66
LQ Newbie
 
Registered: Apr 2003
Posts: 7

Rep: Reputation: 0
Maybee !?

You should look at this row in your smb.conf
"logon path = \\%L\profiles\%u\%m"

As you can see you use %u = user and %m = machine were I use

logon path = \\%L\profiles\%a\%U

I don't know what the %a does but if I'm right you are specifying a particullary user to a particullary machine....I'm a newbie so don't trust me fully but I think this could be your problem and offcourse you need to have write permissions for all users who uses the roaming profile in "netlogon" and "profiles".

And you also miss this raw with "logon home = \\%L\%U\profiles"
It's only a hunch from me but it seems important for me.
If you stil got problem after this....try to open both mine and your smb.conf in a text editor and use copy and paste to a third and make you a perfect smb.conf.
I presume you have added your other machines to the domain so this already finished.
Good Luck !


 
Old 05-02-2003, 04:01 PM   #12
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Original Poster
Rep: Reputation: 30
Thanks for everyones input. I do appreciate it.

One thing i have decided is that, I do not want all of my users to use roaming profiles. I want them to use their local profiles. This is for a number of reasons really.

So, I am doing some testing about setting up about 3-4 users with roaming profiles, everyone else will use local profiles.

Couple things come into mind:
If I want every computer to receive a logon script, I must make sure that when the user logs on, they log onto the domain and not locally, correct?

Fair enough. What I need to figure out is, once I have a computer and it's user logged onto the domain, how do I set it up so when the computer logs onto that computer into our Domain, it will use the local profile, not the roaming profile? I need them to use the local profile and log onto the domain so they will receive any logon scripts I create.

Any ideas?

Tarballed
 
Old 05-02-2003, 11:58 PM   #13
lazer66
LQ Newbie
 
Registered: Apr 2003
Posts: 7

Rep: Reputation: 0
Now I've got it.

To be true I had a linux server going and it worked fine with roaming profiles and everything...but I fucked up my ftp installation so I got bored and installed win again (god help me).
But for your help I've installed my linux server again and it's now up and running with roaming profiles and all. Here is my smb.conf file and it is only one row I think that is changed and that's "security = domain" instead of user or share.

I've also stoped my Iptables because it blocked my roaming profiles in some way (will check this later)...I've got another firewall so that's no problem. You also need to update your samba version to the newest.

Try it one more time and you will see that it works fine.

[global]
netbios name = w2kserver
workgroup = HEMMA
os level = 64
preferred master = yes
domain master = yes
local master = yes
security = domain
hide unreadable = yes
hide dot files = yes
time server = yes
wins support = yes
encrypt passwords = yes
domain logons = yes
logon path = \\%L\profiles\%a\%U
logon drive = Z:
logon home = \\%L\%U\profiles
logon script = %U.bat
# guest account = nobody


[netlogon]
path = /home/netlogon
writable = no
write list = (domain users)

[profiles]
path = /home/profiles
writable = yes
create mask = 0755
directory mask = 0755

[home]
comment = Home dir
path = /home/%u
writable = yes
valid users = (domain users)
public = no
hide dot files = yes
map to guest = bad user


Happy Linux


 
Old 05-04-2003, 01:33 PM   #14
gromer
Member
 
Registered: Feb 2003
Location: Germany / Schwetzingen
Distribution: (K)ubuntu, Debian seldom SuSE
Posts: 76

Rep: Reputation: 15
Another smb.conf

Well, this is my complete smb.conf a(as promised) which worked more less okay for my purposes.

Check also the write permissions of the profile-dir.

Regards
Stephan

# Global parameters
[global]
coding system =
client code page = 850
code page directory = /usr/share/samba/codepages
workgroup = BZH504
netbios name = MEYERHOF
netbios aliases =
netbios scope =
server string = Fileserver
interfaces = 129.206.53.240
bind interfaces only = No
security = USER
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server =
smb passwd file = /etc/samba/smbpasswd
root directory =
pam password change = No
passwd program = /usr/bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
admin log = No
log level = 1
syslog = 0
syslog only = No
log file =
max log size = 5000
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = No
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = lmhosts host wins bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = Yes
unix extensions = Yes
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
read size = 16384
socket options = SO_KEEPALIVE TCP_NODELAY
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = CUPS
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
mangling method = hash
character set = ISO8859-1
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\profile\%U
logon drive = z:
logon home = \\%N\%U
domain logons = Yes
os level = 64
lm announce = Auto
lm interval = 60
preferred master = True
local master = Yes
domain master = True
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = No
wins hook =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/lib/samba
pid directory = /var/run/samba
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = No
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
acl compatibility =
comment =
path =
alternate permissions = No
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow = 129.206.53.0/255.255.255.0
hosts deny =
status = Yes
nt acl support = Yes
profile acls = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = cups
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
printer driver =
printer driver file = /etc/samba/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
msdfs root = No

[homes]
comment = My Data
path = /home/%S/Documents
valid users = %S
admin users = %S, root
read only = No
create mask = 0640
directory mask = 0750
hide unreadable = Yes
browseable = No

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

[Software]
comment = Installationsverzeichnis fuer Software
path = /srv/software
admin users = sgromer, root
write list = sgromer, root

[Lehre]
comment = Dateien fuer die Lehre
path = /srv/lehre
admin users = root, sgromer
write list = root, sgromer

[Intranet TMP]
comment = Verzeichnis fuer den Austausch von Dateien (temporaer)
path = /srv/forallusers
valid users = +users
admin users = root, sgromer
read list = +users
write list = +users
read only = No

[netlogon]
path = /home/netlogon
guest ok = Yes

[profile]
comment = Roaming
path = /home/profile
valid users = +users
admin users = root, sgromer
read only = No
create mask = 0600
directory mask = 0700
profile acls = Yes
csc policy = disable
 
Old 05-05-2003, 11:25 AM   #15
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Original Poster
Rep: Reputation: 30
Hey everyone. I really appreciate everyones input and help on this issue. It has given me some insight on where to check on some things.

Couple of quick questions.

It was mentioned that instead of security = users, they have their SMB.CONF file set to security = domain. I was just curious if someone could explain to me a bit more about that?

Second question, from what I have read and tested, I need to add a machine account(For the computer itself) a unix and samba account for the user.

This is what I have been doing, per a tutorial to get everything setup. Let me know what you think:

Code:
[root@phoenix root]# /usr/sbin/useradd -g machines -d /dev/null -c "machine id" -s /bin/false machine_name$
[root@phoenix root]# passwd -l machine_name$
Changing password for user machine_name$
Locking password for user machine_name$

[root@phoenix root]# smbpasswd -a -m machine_name
Added user machine_name$

that look about right?

Tarballed
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
samba PDC and roaming profiles Red Squirrel Linux - Networking 1 07-13-2005 08:09 PM
samba pdc roaming profiles help chm0d Linux - Networking 1 04-19-2005 02:24 AM
samba pdc without roaming profiles 2 hsa Linux - General 4 05-13-2003 08:43 AM
samba pdc without roaming profiles hsa Linux - General 11 03-20-2003 03:05 AM
Redhat8, PDC & Roaming profiles - nead a howto slewis1972 Linux - Networking 1 01-06-2003 09:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration