Date:      Tue, 3 Aug 2010 05:26:06 +1000
From:      David N <davidn04@gmail.com>
To:        Alex de Kruijff <alexk@specialisterren.nl>
Cc:        questions@freebsd.org, akruijff@dds.nl
Subject:   Re: Samba PDC roaming profiles problem
Message-ID:  <AANLkTikcZ6DRKByoPUt3JiERM6R4sYJ3uDfPPr%2BkGZYz@mail.gmail.com>
In-Reply-To: <4C56ACE0.2050403@specialisterren.nl>
References:  <4C56ACE0.2050403@specialisterren.nl>

On 2 August 2010 21:32, Alex de Kruijff <alexk@specialisterren.nl> wrote:
> Hi,
>
> I've set up an LDAP backend Samba PDC. I can gain access to shares and
> login with a user that is in LDAP, but have a problem setting up the
> roaming profile stuff. I've been trying to solve this problem for some
> time now, and have tried everything I could think of, but without much
> luck. I keep getting the following error messages:
>
> "Windows cannot locate the server copy of your roaming profile and is
> attempting to log you on with your local profile. Changes to the profile
> will not be copied to the server when you logoff. Plausible causes of
> this error include network problem or insufficient security rights. If
> this problem persists, contact your network administrators. DETAILS -
> The network path was not found."
>
> Followed by:
>
> "Windows cannot find the local profile and is logging on with a temporary
> profiles. Changes to this profile will be lost when you logoff."
>
> Here is my smb.conf:
>
>> [global]
>>     security = user
>>     name resolve order = wins lmhosts hosts bcast
>>     deadtime = 15
>>     map to guest = Never
>>     csc policy = disable
>>     hosts allow = 127. 192.168.
>>     server string =
>>     workgroup = Nieuwegein
>>     time server = yes
>>     wins support = yes
>>     domain master = yes
>>     domain logons = yes
>>     encrypt passwords = yes
>>     local master = yes
>>     logon drive = Z:
>>     logon path = \\%L\profiles\%U
>>     preferred master = yes
>>     os level = 255
>>     encrypt passwords = yes
>>     passdb backend = ldapsam:ldap://localhost/
>>     enable privileges = Yes
>>     pam password change = yes
>>     passwd program = /usr/local/sbin/smbldap-passwd %u
>>     passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
>>     unix password sync = Yes
>>     ldap delete dn = Yes
>>     ldap ssl = Off
>>     ldap passwd sync = Yes
>>     ldap admin dn = cn=admin,dc=specialisterren,dc=nl
>>     ldap suffix = dc=specialisterren,dc=nl
>>     ldap group suffix = ou=Groups
>>     ldap idmap suffix = ou=Users
>>     ldap machine suffix = ou=Computers
>>     ldap user suffix = ou=Users
>>     idmap backend = ldap:ldap://localhost
>>     idmap uid = 10000-20000
>>     idmap gid = 10000-20000
>>     add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
>>     delete user script = /usr/local/sbin/smbldap-userdel "%u"
>>     add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>>     delete group script = /usr/local/sbin/smbldap-groupdel "%g"
>>     add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>>     delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
>>     set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
>>     add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>>     template homedir = /home/%U
>>     template shell = /bin/csh
>>     getwd cache = yes
>>     socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=819
>>     use sendfile = yes
>>     mangle prefix = 6 # How to mangle Long Filenames in to 8.3 DOS
>>     log level = 1
>>     log file = /var/log/samba/log.%m
>>     max log size = 50
>>     syslog = 0
>>
>> [template]
>> # edited out, has no path
>>
>> [homes]
>>     comment = Home users
>>     inherit owner = yes
>>     dos filemode = yes
>>     writable = yes
>>     read list = @wheel @"Domain Admins"
>>     valid users = "%S"
>>     create mask = 0740
>>     directory mask = 0750
>>     aio read size = 16384
>>
>> [netlogon]
>>     comment = Network Logon Service
>>     path = /disk/netlogon
>>     browseable = no
>>     read only = yes
>>     aio read size = 16384
>>
>> [profiles]
>>     comment = Roaming Profiles Directory
>>     path = /disk/profiles
>>     administrative share = true
>>     browseable = no
>>     writable = yes
>>     create mask = 0600
>>     directory mask = 0700
>>     aio read size = 16384
>>     public = yes
>>     # The root preexec command performs:
>>     # mkdir -pm 750 /disk/profiles/%U-%a; chown %U /disk/profiles/%U-%a
>>     # I started off without this.
>>     root preexec = /root/sbin/profiles.sh %U %a
>>
>> # edited out other shares
>
> ldapsearch gives me:
>>
>> # tester, Users, specialisterren.nl
>> dn: uid=tester,ou=Users,dc=specialisterren,dc=nl
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> objectClass: sambaSamAccount
>> cn: tester
>> sn: tester
>> givenName: tester
>> uid: tester
>> uidNumber: 10005
>> gidNumber: 513
>> homeDirectory: /home/tester
>> loginShell: /bin/sh
>> gecos: Tes ter
>> sambaLogonTime: 0
>
> (Edited out the other stuff)
>
> I can access \\Server\profiles, \\Server\netlogon using my tester
> account. /etc/passwd contains no line with the user tester. And I can
> login under SSH with the tester account.
>
> ll -d /disk/{netlogon,profiles} gives me:
> drwxr-xr-x  2 root  wheel  512 Mar 16 11:09 /disk/netlogon/
> drwxrwxrwt  2 root  wheel  512 Aug  2 12:41 /disk/profiles/
>
> Alex

Have you installed /usr/ports/net/smbldap-tools/? Although you don't
need it, it helps when creating users.

Do you have sambaProfilePath in your LDAP?

Regards
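
The check asked about in this reply, as an added example that is not part of the original messages: a small Python LDIF reader that lists sambaSamAccount entries carrying no sambaProfilePath. The sample LDIF is constructed in the shape of the quoted ldapsearch output; the second entry, its value and the function names are assumptions made for illustration.

```python
import base64

# Constructed sample shaped like the ldapsearch output quoted above.
# The second entry and its sambaProfilePath value are invented for contrast.
SAMPLE_LDIF = r"""# tester, Users, specialisterren.nl
dn: uid=tester,ou=Users,dc=specialisterren,dc=nl
objectClass: posixAccount
objectClass: sambaSamAccount
uid: tester
homeDirectory: /home/tester

dn: uid=example,ou=Users,dc=specialisterren,dc=nl
objectClass: sambaSamAccount
uid: example
sambaProfilePath: \\SERVER\profiles\
 example
"""

def parse_ldif(text):
    """Parse LDIF into a list of dicts: lower-cased attribute -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]              # unfold a continuation line
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: ..." marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def missing_profile_path(entries):
    """Return uids of sambaSamAccount entries without a non-empty sambaProfilePath."""
    missing = []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sambasamaccount" in classes and not any(e.get("sambaprofilepath", [])):
            missing.append(e.get("uid", ["?"])[0])
    return missing

if __name__ == "__main__":
    print(missing_profile_path(parse_ldif(SAMPLE_LDIF)))
```

To run it on real data, pass the LDIF text that ldapsearch prints for the user entries to parse_ldif.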


