Hi all, I'm trying to configure samba as PDC, I have a problem when windows client log in this is the error:
Windows cannot load the profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off I have samba-3.0.11 and smbldap-tools-0.8.8. I tryed also samba-3.0.14 and smbldap-tools-0-9.1, I have the same problem on Gentoo and on Fedora Core4 my configuration file smb.conf: [global] workgroup = THEOREMATICA netbios name = FERRARI enable privileges = yes interfaces = 10.88.77.201 bind interfaces only = yes username map = /etc/samba/smbusers server string = Samba PDC Server hosts allow = 10.88.77.0/24 127.0.0.0/8 security = user encrypt passwords = Yes min passwd length = 3 obey pam restrictions = No #unix password sync = Yes #passwd program = /usr/sbin/smbldap-passwd -u %u #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" ldap passwd sync = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 100000 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = STARTUP.BAT #logon script = #logon drive = H: logon drive = #logon home = \\%L\%U logon home = #logon path = \\%L\profiles\%U logon path = domain logons = Yes #os level = 65 os level = 200 preferred master = Yes domain master = Yes wins support = Yes name resolve order = wins lmhosts hosts bcast dns proxy = no passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com" # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=Manager,dc=theorematica,dc=it ldap suffix = dc=theorematica,dc=it ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users #ldap ssl = start tls add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" # printers configuration printer admin = @"Print Operators" load printers = Yes create mask = 0640 directory mask = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no [homes] comment = Directory personale di %U, %u read only = No create mask = 0644 directory mask = 0775 browseable = No [netlogon] path = /var/lib/samba/netlogon browseable = No read only = yes [doc] path=/usr/share/doc public=yes writable=no read only=no create mask = 0750 guest ok = Yes [profiles] path = /var/lib/samba/profiles writable = yes create mask = 0600 directory mask = 0700 # browseable = no # default case = lower # preserve case = no # short preserve case = no # case sensitive = no # hide files = /desktop.ini/ntuser.ini/NTUSER.*/ # guest ok = no #profile acls = Yes # profile acls = No # csc policy = disable # next line is a great way to secure the profiles # force user = %U # next line allows administrator to access all profiles #valid users = %U @"Domain Admins" #valid users = %U #root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi I tryed most combinations of the commented options in profiles section ls -la /var/lib/samba/profiles/ total 0 drwxr-x--- 4 root root 96 Jul 11 18:51 . drwxr-xr-x 6 root root 144 Jun 23 21:16 .. drwx------ 2 nicola Domain Users 48 Jul 11 18:20 nicola drwx------ 2 test Domain Users 48 Jul 11 17:54 test please some suggestions, thanks Nicola -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba