Samba as a PDC+ Roaming Profiles...
Hello. I will make this really quick and brief.
Anyone here set up Samba as a PDC with roaming profiles? I am having problems implementing roaming profiles. Specifically, if I log in to one machine with a user account and make some changes, I then log off. Now, if I go to another machine and log in with the same user account, I do not see the modifications I made on the desktop. Anyone have any ideas? Tarballed |
I have it working (although to be honest I have not tested it thoroughly) but I am not sure my solution is any better: each time a user logs on, even if there are no changes between the local Documents and Settings folder and the remote store on Samba, it copies everything across. So it can take up to 15 minutes to log on for some peeps.
We don't really take advantage of roaming profiles anyway so I have never looked at the problem in more detail, haven't had to. I am happy to post my smb.conf file though if you want it. |
have you read this:
http://www-1.ibm.com/servers/esdd/tu...mba/index.html
have you joined all your computers to the domain? and what OS are the clients running? i'm not sure if it works too well with win95/98/me, better off with win2k. hope that was of some help :) -stu |
Alright. Couple of quick things.
All clients are running Windows 2000 Professional. The link that was posted, is a great link and I have used it very well. Let's chat a bit about roaming profiles. Obviously, there are plusses and minuses to using roaming profiles. One thing I want to ask regarding using Samba as a PDC. If I do not use Roaming profiles, can I still use things like group policy, policies, etc. so I can push out permissions and software? I was under the impression that roaming profiles are required in order to use policy. Any validity on that? Thanks. Tarballed |
Hey !
I am using Win XP Prof. and I am using roaming as well. It works quite okay (well, if you take into account that it is from Microsoft ...). In order to reduce the network traffic due to synchronisation we store our data in a document folder on the server. The only files that need to be synchronized are the (Outlook Express) emails (which need to be moved from the default location as they are otherwise not synchronized). If you have trouble with roaming, check that your client has write permissions to the profile directory. One nuisance is that Windows places many useless desktop.ini files in various locations (e.g. autostart) that need to be removed after the first login. I can provide you with my smb.conf if you like (not that it is very cool, I am a newbie too). Regards Stephan |
Thanks groomer. Yes, that would be great if I could take a look at your smb.conf file. I will post mine tomorrow when I get back to work.
Also, I will see if we can't figure out a process on how to get the profiles to work correctly. Maybe a step by step flowing process. But yes, I do appreciate all your help. Tarballed |
Below is my smb.conf (had to wait till I got to work) with most of the shares removed for space reasons. I actually found a bug today that was causing my slowdown problems and now it seems to run peachy. I have win 2k, win xp, win 98 and win me machines here all working well.
So without further delay:

[global]
; Basic server settings
netbios name = VIMES
workgroup = SMARTS
; we should act as the domain and local master browser
os level = 64
preferred master = yes
domain master = yes
local master = yes
; security settings (must user security = user)
security = user
; encrypted passwords are a requirement for a PDC
encrypt passwords = yes
; support domain logons
domain logons = yes
; where to store user profiles?
logon path = \\%N\profiles\%u
; where is a user's home directory and where should it
; be mounted at?
logon drive = H:
logon home = \\%N\home\%u
; specify a generic logon script for all users
; this is a relative **DOS** path to the [netlogon] share
logon script = %U.bat
#logon script = logon.cmd
; necessary share for domain controller
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
; sync password to passwd file
unix password sync = yes
; all full read / write access to all newly created dirs and files
create mask = 0777
directory mask = 0777
; printer details
print command = lpr -P %p -o raw %s
load printers = yes
printing = cups
printcap = cups
printer admin = @printadmin

[netlogon]
path = /export/smb/netlogon
read only = yes
write list = ntadmin

; share for storing user profiles
[profiles]
path = /export/smb/ntprofiles
read only = no
#create mask = 0600
#directory mask = 0704

I read in docs somewhere that login.cmd was required for nt but certainly didn't work for me, hence the %U.bat
hope this helps |
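An added example, not part of the post above or of Samba itself: a small Python check of the masks that end up applying to a profile share when, as in the configuration above, `[global]` sets `create mask = 0777` and the share's own masks are commented out. The sample text is constructed and the function names are this example's own.

```python
import configparser

# Constructed smb.conf fragment modelled on the [global]/[profiles] settings
# posted above; it is sample input, not anyone's real configuration.
SAMPLE = """\
[global]
create mask = 0777
directory mask = 0777

[profiles]
path = /export/smb/ntprofiles
read only = no
#create mask = 0600
#directory mask = 0700
"""

# Samba's built-in defaults when neither the share nor [global] sets a value.
DEFAULTS = {"create mask": "0744", "directory mask": "0755"}


def load(text):
    # smb.conf uses both '#' and ';' for comments and '%' macros in values,
    # so RawConfigParser (no interpolation) is used.
    parser = configparser.RawConfigParser(comment_prefixes=("#", ";"), strict=False)
    parser.read_string(text)
    return parser


def effective(parser, share, key):
    """Share value if set, else the [global] value, else the built-in default."""
    for section in (share, "global"):
        if parser.has_option(section, key):
            return parser.get(section, key)
    return DEFAULTS[key]


def audit_profile_share(parser, share="profiles"):
    """List mask settings that let group or other users touch new profile files."""
    findings = []
    for key in DEFAULTS:
        mode = int(effective(parser, share, key), 8)
        if mode & 0o077:
            findings.append(f"[{share}] {key} = {mode:04o} grants group/other access")
    return findings


if __name__ == "__main__":
    for line in audit_profile_share(load(SAMPLE)):
        print(line)
```

Uncommenting the two share-level masks in the sample makes the audit return no findings, because a share-level value overrides the `[global]` one.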
My smb.conf
This is my smb.conf and it's working perfect with roaming profiles and all.
I'm a newbie too !!!

[global]
netbios name = w2kserver
workgroup = HEMMA
os level = 64
preferred master = yes
domain master = yes
local master = yes
security = user
hide unreadable = yes
hide dot files = yes
time server = yes
wins support = yes
encrypt passwords = yes
domain logons = yes
logon path = \\%L\profiles\%a\%U
logon drive = Z:
logon home = \\%L\%U\profiles
logon script = %U.bat
# guest account = nobody

[netlogon]
path = /home/netlogon
writable = no
write list = (system users)

[profiles]
path = /home/profiles
writable = yes
# create mask = 0600
# directory mask = 0700

[home]
comment = Home dir
path = /home/%u
writable = yes
valid users = (system users)
public = no
hide dot files = yes
map to guest = bad user
|
Changes in win2000/xp
You also need to make some changes in start/settings/control panel/Local policy/ and there, in local, you have 4-5 settings that start with Domain.... These should be set to disabled.
|
Alright, here is my smb.conf. Let me know what you think or if you see any problems:
Code:
[global] Tarballed |
Maybee !?
You should look at this row in your smb.conf:
"logon path = \\%L\profiles\%u\%m"
As you can see you use %u = user and %m = machine, where I use
logon path = \\%L\profiles\%a\%U
I don't know what the %a does, but if I'm right you are tying a particular user to a particular machine.... I'm a newbie so don't trust me fully, but I think this could be your problem, and of course you need to have write permissions for all users who use the roaming profile in "netlogon" and "profiles". And you are also missing this row:
"logon home = \\%L\%U\profiles"
It's only a hunch from me but it seems important to me. If you still have problems after this.... try to open both mine and your smb.conf in a text editor and use copy and paste into a third to make yourself a perfect smb.conf. I presume you have added your other machines to the domain, so this is already finished. Good Luck ! |
Thanks for everyone's input. I do appreciate it.
One thing I have decided is that I do not want all of my users to use roaming profiles. I want them to use their local profiles. This is for a number of reasons really. So, I am doing some testing about setting up about 3-4 users with roaming profiles, everyone else will use local profiles. Couple things come into mind: If I want every computer to receive a logon script, I must make sure that when the user logs on, they log onto the domain and not locally, correct? Fair enough. What I need to figure out is, once I have a computer and its user logged onto the domain, how do I set it up so when the computer logs onto that computer into our Domain, it will use the local profile, not the roaming profile? I need them to use the local profile and log onto the domain so they will receive any logon scripts I create. Any ideas? Tarballed |
Now I've got it.
To be true I had a linux server going and it worked fine with roaming profiles and everything...but I fucked up my ftp installation so I got bored and installed win again (god help me).
But for your help I've installed my linux server again and it's now up and running with roaming profiles and all. Here is my smb.conf file and it is only one row I think that is changed and that's "security = domain" instead of user or share. I've also stopped my iptables because it blocked my roaming profiles in some way (will check this later)... I've got another firewall so that's no problem. You also need to update your samba version to the newest. Try it one more time and you will see that it works fine.

[global]
netbios name = w2kserver
workgroup = HEMMA
os level = 64
preferred master = yes
domain master = yes
local master = yes
security = domain
hide unreadable = yes
hide dot files = yes
time server = yes
wins support = yes
encrypt passwords = yes
domain logons = yes
logon path = \\%L\profiles\%a\%U
logon drive = Z:
logon home = \\%L\%U\profiles
logon script = %U.bat
# guest account = nobody

[netlogon]
path = /home/netlogon
writable = no
write list = (domain users)

[profiles]
path = /home/profiles
writable = yes
create mask = 0755
directory mask = 0755

[home]
comment = Home dir
path = /home/%u
writable = yes
valid users = (domain users)
public = no
hide dot files = yes
map to guest = bad user

Happy Linux
|
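An added example, not from any poster in this thread: the `logon path` lines posted here differ only in their smb.conf macros (`%m` in the path quoted earlier, `%a` in the configuration above), and expanding them for one user on two clients shows which ones hand every machine the same profile directory. Macro meanings follow the smb.conf manual page; the server, user and client names and the `%a` strings are constructed, and `%U` and `%u` are assumed to be the same account at logon.

```python
import re

# Logon path templates as posted in this thread.
POSTED = {
    "user_machine": r"\\%L\profiles\%u\%m",
    "arch_user": r"\\%L\profiles\%a\%U",
    "user_only": r"\\%N\profiles\%u",
}


def expand_logon_path(template, server, user, machine, arch):
    """Substitute the smb.conf macros used in the thread's logon path lines."""
    values = {
        "L": server,   # NetBIOS name of the server
        "N": server,   # NIS home server; same as the server name without NIS
        "U": user,     # session user name
        "u": user,     # user name of the current service (assumed same account)
        "m": machine,  # NetBIOS name of the client machine
        "a": arch,     # client architecture as detected by Samba
    }
    # Unknown macros are left untouched rather than guessed at.
    return re.sub(r"%([A-Za-z])", lambda m: values.get(m.group(1), m.group(0)), template)


def profile_dirs(template, user, clients, server="PDC"):
    """Map each client name to the profile path it would be handed."""
    return {machine: expand_logon_path(template, server, user, machine, arch)
            for machine, arch in clients}


def roams(template, user, clients):
    """True when every client resolves to one shared profile directory."""
    return len(set(profile_dirs(template, user, clients).values())) == 1


# Constructed clients: (NetBIOS name, string assumed to be reported for %a).
SAME_OS = [("PC01", "Win2K"), ("PC02", "Win2K")]
MIXED_OS = [("PC01", "Win2K"), ("PC03", "WinXP")]

if __name__ == "__main__":
    for name, template in POSTED.items():
        print(name, roams(template, "alice", SAME_OS), roams(template, "alice", MIXED_OS))
```

A path containing `%m` gives each workstation its own copy of the profile, which matches the symptom in the first post; a path containing `%a` roams only between clients that Samba classifies as the same architecture.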
Another smb.conf
Well, this is my complete smb.conf (as promised) which worked more or less okay for my purposes.
Check also the write permissions of the profile-dir. Regards Stephan

# Global parameters
[global]
coding system =
client code page = 850
code page directory = /usr/share/samba/codepages
workgroup = BZH504
netbios name = MEYERHOF
netbios aliases =
netbios scope =
server string = Fileserver
interfaces = 129.206.53.240
bind interfaces only = No
security = USER
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server =
smb passwd file = /etc/samba/smbpasswd
root directory =
pam password change = No
passwd program = /usr/bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
admin log = No
log level = 1
syslog = 0
syslog only = No
log file =
max log size = 5000
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = No
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = lmhosts host wins bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = Yes
unix extensions = Yes
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
read size = 16384
socket options = SO_KEEPALIVE TCP_NODELAY
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = CUPS
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
mangling method = hash
character set = ISO8859-1
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\profile\%U
logon drive = z:
logon home = \\%N\%U
domain logons = Yes
os level = 64
lm announce = Auto
lm interval = 60
preferred master = True
local master = Yes
domain master = True
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = No
wins hook =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/lib/samba
pid directory = /var/run/samba
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = No
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
acl compatibility =
comment =
path =
alternate permissions = No
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow = 129.206.53.0/255.255.255.0
hosts deny =
status = Yes
nt acl support = Yes
profile acls = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = cups
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
printer driver =
printer driver file = /etc/samba/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
msdfs root = No

[homes]
comment = My Data
path = /home/%S/Documents
valid users = %S
admin users = %S, root
read only = No
create mask = 0640
directory mask = 0750
hide unreadable = Yes
browseable = No

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

[Software]
comment = Installationsverzeichnis fuer Software
path = /srv/software
admin users = sgromer, root
write list = sgromer, root

[Lehre]
comment = Dateien fuer die Lehre
path = /srv/lehre
admin users = root, sgromer
write list = root, sgromer

[Intranet TMP]
comment = Verzeichnis fuer den Austausch von Dateien (temporaer)
path = /srv/forallusers
valid users = +users
admin users = root, sgromer
read list = +users
write list = +users
read only = No

[netlogon]
path = /home/netlogon
guest ok = Yes

[profile]
comment = Roaming
path = /home/profile
valid users = +users
admin users = root, sgromer
read only = No
create mask = 0600
directory mask = 0700
profile acls = Yes
csc policy = disable
|
Hey everyone. I really appreciate everyone's input and help on this issue. It has given me some insight on where to check on some things.
Couple of quick questions. It was mentioned that instead of security = users, they have their SMB.CONF file set to security = domain. I was just curious if someone could explain to me a bit more about that? Second question, from what I have read and tested, I need to add a machine account (for the computer itself), and a unix and samba account for the user. This is what I have been doing, per a tutorial to get everything set up. Let me know what you think:
Code:
[root@phoenix root]# /usr/sbin/useradd -g machines -d /dev/null -c "machine id" -s /bin/false machine_name$
That look about right? Tarballed |