Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Anyone here, setup samba as a PDC with roaming profiles?
I am having problems implementing roaming profiles. Specifically, if I log in to one machine with a user account, make some changes I then log off. Now, If i go to another machine, log in with the same user account, I do not see the modifications I made on the desktop.
I have it working (although to be honest I have not tested it thoroghly) but I am not sure my solution is any better, each time a user logs on even if there are no changes between the local documents and settings folder and the remote store on samba it copies everything across. So it can take up to 15 minutes to log on for some peeps.
We don't really take advantage of roaming profiles anyway so I have never looked at the problem in more detail, haven't had to. I am happy to post my smb.conf file though if you want it.
I am using Win XP Prof. and I am using Roaming as well. It works quite okay (well if you take into account that it is from Microsoft ...)
In order to reduce the network traffic due to synchronisation we store our data in a document folder on the server. The only files that need to be synchronized are the (Outlok Express) emails (which need to be moved from the default location as they are otherwise not synchronized).
If you have trouble with roaming, check that your client has write permissions to the profile directory.
One nuicance is that Windows places many useless desktop.ini files in various loactions (e.g. autostart) that need to be removed after the first login.
I can provide you with my smb.conf If you like (not that it is very cool, I am a newbee too)
below is my smb.conf (had to wait till I got to work) with most of the shares removed for space reasons. I actually found a bug today that was causing my slow down problems and now it seems to run peachy. I have win 2k, win xp, win 98 and win me machines here all worksing well.
so without further dealy
[global]
; Basic server settings
netbios name = VIMES
workgroup = SMARTS
; we should act as the domain and local master browser
os level = 64
preferred master = yes
domain master = yes
local master = yes
; security settings (must user security = user)
security = user
; encrypted passwords are a requirement for a PDC
encrypt passwords = yes
; support domain logons
domain logons = yes
; where to store user profiles?
logon path = \\%N\profiles\%u
; where is a user's home directory and where should it
; be mounted at?
logon drive = H:
logon home = \\%N\home\%u
; specify a generic logon script for all users
; this is a relative **DOS** path to the [netlogon] share
logon script = %U.bat
#logon script = logon.cmd
; necessary share for domain controller
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
; sync password to passwd file
unix password sync = yes
; all full read / write access to all newly created dirs and files
create mask = 0777
directory mask = 0777
; printer details
print command = lpr -P %p -o raw %s
load printers = yes
printing = cups
printcap = cups
printer admin = @printadmin
[netlogon]
path = /export/smb/netlogon
read only = yes
write list = ntadmin
; share for storing user profiles
[profiles]
path = /export/smb/ntprofiles
read only = no
#create mask = 0600
#directory mask = 0704
I read in docs somewhere that login.cmd was required for nt but certainly didn't work for me, hence the %U.bat
You also need to do some changes in start/settings/controllpanel/Localpolicy/ and ther in local you got 4-5 settings who starts with Domain.... these should be set to disable.
You should look at this row in your smb.conf
"logon path = \\%L\profiles\%u\%m"
As you can see you use %u = user and %m = machine were I use
logon path = \\%L\profiles\%a\%U
I don't know what the %a does but if I'm right you are specifying a particullary user to a particullary machine....I'm a newbie so don't trust me fully but I think this could be your problem and offcourse you need to have write permissions for all users who uses the roaming profile in "netlogon" and "profiles".
And you also miss this raw with "logon home = \\%L\%U\profiles"
It's only a hunch from me but it seems important for me.
If you stil got problem after this....try to open both mine and your smb.conf in a text editor and use copy and paste to a third and make you a perfect smb.conf.
I presume you have added your other machines to the domain so this already finished.
Good Luck !
One thing i have decided is that, I do not want all of my users to use roaming profiles. I want them to use their local profiles. This is for a number of reasons really.
So, I am doing some testing about setting up about 3-4 users with roaming profiles, everyone else will use local profiles.
Couple things come into mind:
If I want every computer to receive a logon script, I must make sure that when the user logs on, they log onto the domain and not locally, correct?
Fair enough. What I need to figure out is, once I have a computer and it's user logged onto the domain, how do I set it up so when the computer logs onto that computer into our Domain, it will use the local profile, not the roaming profile? I need them to use the local profile and log onto the domain so they will receive any logon scripts I create.
To be true I had a linux server going and it worked fine with roaming profiles and everything...but I fucked up my ftp installation so I got bored and installed win again (god help me).
But for your help I've installed my linux server again and it's now up and running with roaming profiles and all. Here is my smb.conf file and it is only one row I think that is changed and that's "security = domain" instead of user or share.
I've also stoped my Iptables because it blocked my roaming profiles in some way (will check this later)...I've got another firewall so that's no problem. You also need to update your samba version to the newest.
Try it one more time and you will see that it works fine.
Hey everyone. I really appreciate everyones input and help on this issue. It has given me some insight on where to check on some things.
Couple of quick questions.
It was mentioned that instead of security = users, they have their SMB.CONF file set to security = domain. I was just curious if someone could explain to me a bit more about that?
Second question, from what I have read and tested, I need to add a machine account(For the computer itself) a unix and samba account for the user.
This is what I have been doing, per a tutorial to get everything setup. Let me know what you think:
Code:
[root@phoenix root]# /usr/sbin/useradd -g machines -d /dev/null -c "machine id" -s /bin/false machine_name$
[root@phoenix root]# passwd -l machine_name$
Changing password for user machine_name$
Locking password for user machine_name$
[root@phoenix root]# smbpasswd -a -m machine_name
Added user machine_name$
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.