On Sun, 2010-09-19 at 23:11 -0400, Gary Dale wrote: > On 19/09/10 07:55 PM, Philippe LeCavalier wrote: > > Gary, > > > > On Fri, 2010-09-17 at 14:21 -0400, Gary Dale wrote: > > > > > I've been at this for hours now and am still not getting it to > > > work. I've been through the lists trying to find an answer and so > > > far as I can tell, everything is configured OK. Obviously it's not, > > > but I'm stuck. > > > > > > I recently installed Squeeze on my home server, overwriting a Lenny > > > installation. I've been able to add my NT (Windows XP/Pro) domain > > > accounts back in and pdbedit shows the expected values - e.g.: > > > > > > r...@whenim64:/home/samba/profiles# pdbedit -Lv garydale Unix > > > username: garydale NT username: Account Flags: [U ] User SID: > > > S-1-5-21-832165970-4128531365-4003982369-1002 Primary Group SID: > > > S-1-5-21-832165970-4128531365-4003982369-513 Full Name: Gary Dale > > > Home Directory: \\whenim64\home\garydale HomeDir Drive: m: Logon > > > Script: Profile Path: \\whenim64\home\samba\profiles\garydale > > > Domain: RAHIM-DALE Account desc: Workstations: Munged dial: Logon > > > time: 0 Logoff time: 9223372036854775807 seconds since the Epoch > > > Kickoff time: 9223372036854775807 seconds since the Epoch Password > > > last set: Wed, 15 Sep 2010 14:05:50 EDT Password can change: Wed, > > > 15 Sep 2010 14:05:50 EDT Password must change: never Last bad > > > password : 0 Bad password count : 0 Logon hours : > > > FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > > > ^What's this?^ > That's the pdbedit output from the command at the start of the section
Gotcha. > > > > > > > > > However, although I can log on, I can't get the roaming profiles > > > working. I get the "windows cannot locate the server copy of your > > > roaming profile" message. Since my Unix account names/numbers are > > > the same and the profiles are in the previously working /home > > > folder that didn't get touched, I can't see how it''s a permissions > > > problem. Noneheless, I removed an old profile which should have let > > > WIndows create a new one. It didn't. I still got the same error. > > > > > > I did have to reinstate the groupmaps (don't know why the samba > > > install doesn't do this) but they seem OK. > > > > > > r...@whenim64:/home/samba/profiles# net groupmap list Domain Admins > > > (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins Domain > > > Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users > > > Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) -> > > > nogroup Domain Computers > > > (S-1-5-21-832165970-4128531365-4003982369-515) -> machines > > > > > > My smb.conf tests OK with testparm. SWAT reports all the daemons > > > are running. I can map shares (with read/write) without needing > > > extra authentication. > > > > > > My smb.conf (minus the shares & printers) is: > > > > [...] > > > > > logon path = \\%N\home\samba\profiles\%U > > > > In 'man smb.conf' > > > > Windows clients can sometimes maintain a connection to the [homes] > > share, even though there is no user logged in. Therefore, it is > > vital that the logon path does not include a reference to the homes > > share (i.e. setting this parameter to \\%N\homes \profile_path will > > cause problems). [...] If you want profiles stored in the home dir > > use the default setting ie \ \%N\%U\Profile > > > > > > [Profiles] profile acls = yes create mode = 0600 directory mode = > > > 0700 path = /home/samba/profiles > > > > Set this to \\%N\%U\Profile OR edit [global] to the reflect this. > > Either way, it needs to be identical and fall within an allowable > > setting. > > > > May I also add that in my opinion you've gone a little overboard > > with the settings in [global] I've been using Samba as a DC for many > > years and have never needed to change so many settings. I would > > suggest starting with defaults and editing as needed...Just a > > thought. > > > > Cheers, Phil > > Actually the [global] settings are pretty much the defaults. Possibly > it's a Debian thing or the way SWAT leaves it. I added the add machine > script and changed the logon path. Didn't consider SWAT. You're right, SWAT does add allot. > > It turned out you were right about the duplication of the path between > logon path and the profiles share. Removing the duplicated path from the > logon path fixed it. I knew it was something stupid that I was missing. :) > > Thanks. You're welcome. Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
