Storing roaming profiles on Samba share

n7kn · 09-29-2003, 11:29 PM

I'm running Windows 2k as a domain controller and have samba setup on RH9 as a file server.
I would like to have samba store and serve my roaming profiles. While this sounded like a good idea at the time I am having no luck at all making this work.
Trying this with a test account I've created a test user account with the same user id/password on all services, for example:

Samba user:
jblack/P@$$w0rd
Linux user:
jblack/P@$$w0rd
Windows user:
jblack/P@$$w0rd

When this user tries to log in I get a message saying that a server copy of the profile exsists that does not have the correct security and that the folder must be owned by the user or admin (I get this no matter who owns the folder... root, jblack, etc).

Any help with this would be appreciated.

John Black
n7kn@qsl.net

david_ross · 09-30-2003, 01:52 PM

Welcome to LQ.

Have you checked the filesystem permissions as well as the permissions in smb.conf

n7kn · 09-30-2003, 10:41 PM

Thanks for the reply.
I believe I did by using chmod -R 777 <folder name containing profiles>
Usually not the best practice to leave a folder wide open like that but my users (i.e.: family members) usually have to be shown a share actally exsists as well as be told what can be done with it.

n7kn · 09-30-2003, 10:46 PM

I forgot to address smb.conf comment:

[shared]
comment = shared
path = /usr/shared
writeable = yes
guest ok = yes

I would guess that's pretty wide open too.

david_ross · 10-01-2003, 12:14 PM

Can you post the whole config file.

n7kn · 10-01-2003, 09:23 PM

Sure!
I was going to paste it in here but I believe there is simply too much text.
I've uploaded the file to some obscure webspace as a text file:

http://home.doitnow.com/~whywait/smbconf.txt

I sure appreciate the help, David.
____________________________

sidmark-2850 · 10-02-2003, 12:32 AM

What's with all of the user shares. If you want to share home directories, use the built in [homes] share as opposed to having individual shares.

Code:

# Slightly modified version
[homes]
	comment = Home Directory for %U
	browseable = no
	writeable = yes
	valid users = %S
	create mode = 0660
	directory mode = 0770

As for the profile stuff, how do you go about setting it up. I can't remember at the top of my head and I just blew away my 2k server. I blew it up to play with email. You will need to open up "active directory users and computer" and set up the appropriate values for the profile path. Do you have something like \\<Samba_Server_Name>\%Username%? I just noticed that you didn't explicitly name your samba server. It is a good idea to put the value for netbios name in there.

What is the value you have set it Active Directory for each user.

------------------------------------------------------------------

I have a question of my own and it relates to samba and profiles. Sorry if I am monopolizing this thread, but it is slightly related so here goes:

My samba server is the DC for a domain and I am doing profiles. It works just fine but there are a couple of issues.

First of all, the relevant part of my smb.conf file looks like:

Code:

[global]
	.....
	logon path = \\Madison\Profile\%m

[Profile]
	comment = Profile Directory
	path = %H/NT-Profile
	read only = No
	create mask = 0660
	security mask = 0660
	directory mask = 2770
	directory security mask = 2770
	browseable = No
	volume = "Profile Directory"

I have it set up so that the Profile share on the server points to a subfolder of the user's home directory as opposed to creating a 2nd directory structure for profiles. The problem is that the NT-Profile folder is not always there so I tried using the preexec option to create the folder. I want to set up a script to check whether the folder already exists. The script's name is create-profile and the username should be passed as a parameter so the preexec for the profile share will look like:

preexec = /etc/samba/scripts/create-profile %u

The script is a plain old bash script, or at least it was. I deleted the meat of the script that was supposed to do the file checking. Anyway the script now looks like

#!/bin/bash

HomeDirectory=`echo ~$1`
echo $HomeDirectory

At an earlier stage it created the directory but something didn't go right. If I logged in, it created a folder called "~sid" in the /etc/samba/scripts directory. The only way I got it to work was by slightly modifying the script and sending it the %H macro (The user's home directory.)

To make a long story short, is there a way to expand ~sid in a bash script or do I have to send the script the %H?

Shouldn't the above result in /home/sid displayed to the screen?

david_ross · 10-02-2003, 12:51 PM

I beleive sidmark-2850 has answered your questions above. Just use the "homes" share and create a profiles share too.

sidmark-2850 - since the script isn't being run as the user there will probably be no home dirs to expand to. Just pass the variable as an argument as you suggested.

sidmark-2850 · 10-02-2003, 02:57 PM

david_ross, even if I ran the script manually, I get a directory called "~sid". I guess, I will just have to pass the %H in. I thought that there was a way to expand it to /home/sid.

Hey, where is a good resource to learn perl. I am going to buy the "Learning Perl" book by O'reilly. What are good online resources?

Oh, I was going to use the root preexec and then chmod and chown it to the user.

david_ross · 10-02-2003, 03:04 PM

Can you start a new thread so we don't hijack this one and post your complete script. I'll keep an eye out for it.

As for perl I mainly learnt from examples and basic use of google. There is lots of information scattered all over.

n7kn · 10-03-2003, 05:02 AM

Regarding post #7 from sidmark-2850:

Being a newbie I guess having a share for each user is the natural thing one would do. I'm glad you pointed out an easier way to do it... that's great.

Explicitly naming the Samba server netbois name is something else I overlooked (affectionately known as "Marge")
I'll give all these things a try over the week-end.
User profile path for n7kn in Active Directory look like this:

\\Marge\n7kn

That didn't work. I created a folder called "shared" and a subdirectory for each user in it. In an attempt to remove all obstacles that Samba could offer I ran 'chmod -R 777 shared'

Active Directory user profile path for n7kn looked like this:

\\Marge\shared\n7kn

I'm not sure about using the % symbol on each side of the target directory. Maybe someone can explain that.

One final question would be regarding "blowing away" one's Win2k server. What caliber would you recommend (bullet weight in grains) and how far down-range should the server be placed.
This is a piece of advice would most probably simplify matters greatly.

sidmark-2850 · 10-03-2003, 09:54 AM

n7kn, you can find what the % characters mean if you do man smb.conf.

From man smb.conf

Code:

VARIABLE SUBSTITUTIONS
       Many of the strings that are settable in the config file can take  sub-
       stitutions.  For  example  the  option "path = /tmp/%u" would be inter-
       preted as "path = /tmp/john" if the user connected  with  the  username
       john.

       These  substitutions  are  mostly  noted in the descriptions below, but
       there are some general substitutions which apply whenever they might be
       relevant. These are:

       %S     the name of the current service, if any.

       %P     the root directory of the current service, if any.

       %u     user name of the current service, if any.

       %g     primary group name of %u.

       %U     session  user  name  (the  user name that the client wanted, not
              necessarily the same as the one they got).

       %G     primary group name of %U.

       %H     the home directory of the user given by %u.


       %H     the home directory of the user given by %u.

       %v     the Samba version.

       %h     the Internet hostname that Samba is running on.

       %m     the NetBIOS name of the client machine (very useful).

       %L     the NetBIOS name of the server. This allows you to  change  your
              config  based on what the client calls you. Your server can have
              a "dual personality".

              Note that this paramater is not available when Samba listens  on
              port 445, as clients no longer send this information

       %M     the Internet name of the client machine.

       %N     the  name  of  your NIS home directory server.  This is obtained
              from your NIS auto.map entry. If you  have  not  compiled  Samba
              with  the  --with-automount  option  then this value will be the
              same as %L.

       %p     the path of the service's home directory, obtained from your NIS
              auto.map entry. The NIS auto.map entry is split up as "%N:%p".

       %R     the  selected  protocol level after protocol negotiation. It can
              be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1.

       %d     The process id of the current server process.

       %a     the architecture of the remote machine.  Only  some  are  recog-
              nized,  and  those may not be 100% reliable. It currently recog-
              nizes Samba, WfWg, Win95, WinNT and Win2k. Anything else will be
              known  as  "UNKNOWN". If it gets it wrong then sending a level 3
              log to samba@samba.org
               <URL:mailto:samba@samba.org> should allow it to be fixed.

       %I     The IP address of the client machine.

       %T     the current date and time.

       %$(envvar)
              The value of the environment variable envar.

       There are some quite creative things that can be done with  these  sub-
       stitutions and other smb.conf options.

These substitutions really come in handy and can be used in different situations and even troubleshooting.

You have a couple of options in regards to profile storage. Your easiest one is to create and use the homes share like mentioned, and set your active directory user profile path to: \\Marge\Homes\Profile. This should be your best bet since \\Marge\Homes\Profile will be unique to each user as it points to the Profile directory within the client's home folder.

I ended up creating a profile share which directly pointed to a subfolder of the clients's home directory, so I can just set the AD path to \\Madison\Profile and it would auto create the folder and use it for storage. I had the script working, but unfortunately, it's gone. The reason that it is gone is that it was on my test box, which was at a point earlier on last week my 2k server. Stupid me, I forgot to copy the script.

Now, on to the blowing up your win2k machine, or any machine in fact. There are a number of options you can use to do the job. For my linux boxes, I use Kickstart Installations because I fool around and test too much and I hate selecting packages and options manually, especially for the number of times I do it in a week, or even a day (if I really mess up someting.) It has an option to wipe out your entire partition tables and create new ones. For win2k or windows for that matter, I normally use a 3 1/2" floppy armed with format and fdisk. Another personal favorite of mine is Ranish Partition Manager. Another one that does the job in 1/4 of the time is the tool gdisk which comes with norton ghost. Use it in the right or wrong way (if you really didn't intend to do it) you can wipe your entire disk squeaky clean.

Hope this helps.