| View previous topic :: View next topic |
| Author |
Message |
larand54
l33t
Joined: 20 Feb 2004
Posts: 695
Location: Sweden
|
 Posted: Sun Oct 10, 2004 9:11 am Post subject: samba 3.07 as PDC using Roaming profiles [SOLVED] |
 |
|
This is a long story...I don't know where to start. 
Previously I had samba 2.2 or something working good as PDC with roaming profiles but now I moved to another machine which I cleanly installed Gentoo 2004.2 from a minimal LiveCD.
I thought that it should be the easyest way to just copy configuration files and also the profiles from the old computer.
It didn't worked so well. Domain logons, roaming profiles and even printserver failed( I'm using cups)
I started searching in forums all over and found some help. And finally I was able to logon on my old account in w2000 using the profile stored on samba machine. But not everything in the profile was correctly setup. I think it was only the desktop that was restored.
Ok, I continued with the printers and found in Tips & Tricks a Howto on CUPS+Samba: printing from Windows & Linux.
In this howto there was stated that samba 3 was using a different "passdb backend" thand samba2. You where also told to convert your "smbdpasswd backend" to the new "tdbsam". But that was not needed if you "freshly installed samba 3.x and did not update from 2.x".
Well, as it was a new installation I don't think I need to convert even if I already have created all users with smbpasswd.
However you where told to run: | Code: | | # pdbedit -a -u printer_username |
A very stupid command, I later wanted to change password on a user and that's impossible with this command. There is a switch "-r" which is said to update userdata. But it doesn't, it just lists them.
Well, I finally succeded to install a printer using the printserver but was not allowed to change any properties on the printer.
Ok I continued working on it and finally made a restart.....Oh nooo!!! Now I couldn't log in any longer - "Profile does not exist or password is wrong" that's the message.
I had to add the W2000 machine and user to the domain again. No problem until you try to logon again.
Then it says that there already exists a profile but with different security settings so it creates a local and temporary profile only.
I removed the profiles on both the samba-server and the w2000-machine and started over.
Same result but I noticed that on the samba-server, a user in the profile directory was created as "%u" !!?
How could that be? 
I removed that user and created a complete new user in the system and after logging in ( no problem this time) but noticed that this user also got the name "%u".
I've not touched the adduser script so I don't understand 
This is the settings of my smb.conf:
| Code: | #/etc/samba/smb.conf
[global]
# Basic server settings
interfaces = eth1
workgroup = hemma
netbios name = mars
server string = Samba PDC running %v
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# PDC and master browser settings
os level = 64
domain master = Yes
prefered master = Yes
local master = Yes
domain logons = Yes
dns proxy = No
wins support=Yes
# Security settings
security = user
invalid users = bin daemon sys man postfix mail ftp
admin users = @wheel
#domain admin group = @wheel
#domain admin users = root
hosts allow = 127.0.0.1 172.16.68.0/255.255.255.0
encrypt passwords = Yes
smb passwd file = /etc/smbpasswd
unix password sync=Yes
password level = 8
username level = 8
passwd program=/usr/bin/passwd %u
# Logging settings
log file = /var/log/samba.%m
log level = 2
max log size = 50
debug time stamp = yes
# Logon path tells Samba where to put Windows NT/2000/XP roaming profiles
logon path = \\%L\profiles\%u\%m
logon script = %U.bat
#logon script = %m.bat
logon drive = y:
# Logon home is used to specify home directory and Windows 95/98/ME
# roaming profile location
logon home = \\%L\%u\.profile\%m
#logon script = netlogon.bat
# Printing
load printers = yes
printcap name = cups
printing = cups
lock directory = /var/samba/lock
passdb backend = tdbsam
# New user script - does it work?
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$
[homes]
comment=Home Directories
valid users=%S
read only=no
create mode=0700
directory mode=0700
writeable = yes
browseable = no
[profiles]
path = /home/samba/profiles
read only = no
#browseable = no
create mask = 0600
directory mask = 0700
#profile acls=yes
#valid users = root @smbusers
[netlogon]
path = /home/netlogon
read only = yes
browseable = no
#write list = ntadmin
#valid users = root @smbusers
|
I'm desperate working everyevening whole week with this problem.
NEED som help!
Last edited by larand54 on Sun Oct 10, 2004 6:34 pm; edited 1 time in total |
|
| Back to top |
|
 |
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Sun Oct 10, 2004 1:40 pm Post subject: |
|
|
| you might find some of your %u need changing to %U or vice versa, also I recommend running testparm to make sure that none of the settings you are using have ceased to exist in the transition from 2.2-3.0 |
|
| Back to top |
|
|
larand54
l33t
Joined: 20 Feb 2004
Posts: 695
Location: Sweden
|
| Posted: Sun Oct 10, 2004 3:25 pm Post subject: |
|
|
I've changed some parts that testparm didn't understand:
I removed "domain admin group" and "domain admin user"
But the problem with %u occured later on.
Also the following line; | Code: | | logon path = \\%L\profiles\%u\%m |
Is correct I know and it is this line which determins the user profile path.
In my system it should be:
| Code: | | /home/samba/profiles/larand/jme |
but what I get is:
| Code: | | /home/samba/profiles/%u/jme |
I can change this %u in the script to whatever I can think of and that will then become part of the path.
And if you create a compleatly new user it wants the %u in the path.
But you can see that the user string is sent correctly from W2000 as it creates the path with the users name as the owner:
| Code: |
larand@mars larand $ ls /home/samba/profiles -l
total 0
drwx------ 3 administrator users 72 Oct 10 13:42 %q
drwx------ 3 jakob users 72 Oct 10 13:31 %u
larand@mars larand $
|
Her you can see that I tried even %q as a parameter. |
|
| Back to top |
|
|
larand54
l33t
Joined: 20 Feb 2004
Posts: 695
Location: Sweden
|
| Posted: Sun Oct 10, 2004 6:32 pm Post subject: |
|
|
I happily admit I was wrong  .I had to change %u to %U in the logon path. I don't understand it always worked under Samba 2.x and I'm almost sure that samba 3.07 created the logon path correct in the beginning. Maybe before I added "passdb backend tdbsam" to the configuration.
Another error in the config file was the line:
| Code: | | add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ |
Which should add new machines automatically.
Testparm didn't say anything but when I tried execute the command manually I recognized that the switch -n shouldn't be there.
I've grabed the lines from some article I've read long time ago and is not sure if they worked on the old machine "slackware 8.1".
Now everything is working just fine, it's only that autostarted programs don't start and some programs don't start manually either when I execute them from the profile I created using a copy from the old system. In the W2000 system of course.
In new profiles they work.
Any idea? |
|
| Back to top |
|
|
drakos7
Apprentice
Joined: 21 Feb 2003
Posts: 294
Location: Rockville, MD, USA, Earth, Sol
|
| Posted: Fri Dec 03, 2004 4:50 pm Post subject: |
|
|
| I think this is a very important post. I just went through hell adding new users to my system having them not be able to log in. The problem was having my old %u in there instead of the %U. What a pain! So, to throw a couple more keywords on this thread to help others... roaming profiles desktop login error |
|
| Back to top |
|
|
|
Networking & Security
