for my organaization i configured a Samba PDC, Samba-LDAP, with the following configuration
my server is running fedora core 5, all my clients are windows XP, my problem is when i login to the domain through windows xp client each time the profile is refreshing, i want to save the profile in server and retrive it when i login again. please healp me out to get out of this problem, Regards, Suresh Bollu *smb.conf* [global] workgroup = QVANTELIN netbios name = box1 interfaces = eth1, lo username map = /etc/samba/smbusers server string = Samba Server %v security = user encrypt passwords = Yes obey pam restrictions = No unix password sync = Yes passwd program = /usr/sbin/smbldap-passwd -u "%u" passwd chat = "Changing password for *\nNew password*" %n\n "*Retype new password*" %n\n" ldap password sync = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 100000 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = startup.bat #logon drive = F: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://192.168.1.10 ldap admin dn= cn=Manager,dc=qvantelin,dc=com ldap suffix = dc=qvantelin,dc=com ldap group suffix = ou=Group ldap user suffix = ou=People ldap machine suffix = ou=machines ldap idmap suffix = ou=Users #ldap ssl = start tls add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" [homes] comment = Home Directories valid users = %S writable = yes create mask = 0664 directory mask = 0775 browseable = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes [profiles] path = /home/samba/profiles writable = yes writable = yes Browseable = yes create mode = 0644 directory mode = 0755 [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No *smbldap.conf* # $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $ # $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $ # # smbldap-tools.conf : Q & D configuration file for smbldap-tools # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). # # Copyright (C) 2001-2002 IDEALX # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. # Purpose : # . be the configuration file for all smbldap-tools scripts ############################################################################## # # General Configuration # ############################################################################## #UID and GID starting at... UID_START="1000" GID_START="1000" # Put your own SID. To obtain this number do: "net getlocalsid". # If not defined, parameter is taking from "net getlocalsid" return SID="S-1-5-21-2118587481-1440970363-3314129951" # Domain name the Samba server is in charged. # If not defined, parameter is taking from smb.conf configuration file # Ex: sambaDomain="IDEALX-NT" #sambaDomain="QVANTELIN" ############################################################################## # # LDAP Configuration # ############################################################################## # Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 # If not defined, parameter is set to "127.0.0.1" slaveLDAP="192.168.1.10" # Slave LDAP port # If not defined, parameter is set to "389" slavePort="389" # Master LDAP server: needed for write operations # Ex: masterLDAP=127.0.0.1 # If not defined, parameter is set to "127.0.0.1" masterLDAP="192.168.1.10" # Master LDAP port # If not defined, parameter is set to "389" masterPort="389" # Use TLS for LDAP # If set to 1, this option will use start_tls for connection # (you should also used the port 389) # If not defined, parameter is set to "1" ldapTLS="0" # How to verify the server's certificate (none, optional or require) # see "man Net::LDAP" in start_tls section for more details #verify="require" # CA certificate # see "man Net::LDAP" in start_tls section for more details #cafile="/etc/pki/tls/certs/ldapserverca.pem" # certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details #clientcert="/etc/pki/tls/certs/ldapclient.pem" # key certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details #clientkey="/etc/pki/tls/certs/ldapclientkey.pem" # LDAP Suffix # Ex: suffix=dc=IDEALX,dc=ORG suffix="dc=qvantelin,dc=com" # Where are stored Users # Ex: usersdn="ou=Users,dc=qvantelin,dc=com" # Warning: if 'suffix' is not set here, you must set the full dn for usersdn usersdn="ou=Users,${suffix}" # Where are stored Computers # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG" # Warning: if 'suffix' is not set here, you must set the full dn for computersdn computersdn="ou=machines,${suffix}" # Where are stored Groups # Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG" # Warning: if 'suffix' is not set here, you must set the full dn for groupsdn groupsdn="ou=Group,${suffix}" # Where are stored Idmap entries (used if samba is a domain member server) # Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG" # Warning: if 'suffix' is not set here, you must set the full dn for idmapdn #idmapdn="ou=Users,${suffix}" # Where to store next uidNumber and gidNumber available for new users and groups # If not defined, entries are stored in sambaDomainName object. # Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" # Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}" #sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" # Default scope Used scope="sub" # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) hash_encrypt="SSHA" # if hash_encrypt is set to CRYPT, you may set a salt format. # default is "%s", but many systems will generate MD5 hashed # passwords if you use "$1$%.8s". This parameter is optional! #crypt_salt_format="%s" ############################################################################## # # Unix Accounts Configuration # ############################################################################## # Login defs # Default Login Shell # Ex: userLoginShell="/bin/bash" userLoginShell="/bin/bash" # Home directory # Ex: userHome="/home/%U" userHome="/home/%U" # Default mode used for user homeDirectory # userHomeDirectoryMode="700" # Gecos userGecos="System User" # Default User (POSIX and Samba) GID defaultUserGid="513" # Default Computer (Samba) GID defaultComputerGid="553" # Skel dir skeletonDir="/etc/skel" # Default password validation time (time in days) Comment the next line if # you don't want password to be enable for defaultMaxPasswordAge days (be # careful to the sambaPwdMustChange attribute's value) #defaultMaxPasswordAge="45" ############################################################################## # # SAMBA Configuration # ############################################################################## # The UNC path to home drives location (%U username substitution) # Just set it to a null string if you want to use the smb.conf 'logon home' # directive and/or disable roaming profiles # Ex: userSmbHome="\\PDC-SMB3\%U" userSmbHome="\\box1\homes" # The UNC path to profiles locations (%U username substitution) # Just set it to a null string if you want to use the smb.conf 'logon path' # directive and/or disable roaming profiles # Ex: userProfile="\\PDC-SMB3\profiles\%U" userProfile="\\box1\profiles\" # The default Home Drive Letter mapping # (will be automatically mapped at logon time if home directory exist) # Ex: userHomeDrive="H:" userHomeDrive="F:" # The default user netlogon script name (%U username substitution) # if not used, will be automatically username.cmd # make sure script file is edited under dos # Ex: userScript="startup.cmd" # make sure script file is edited under dos userScript="startup.bat" # Domain appended to the users "mail"-attribute # when smbldap-useradd -M is used # Ex: mailDomain="idealx.com" #mailDomain="idealx.com" ############################################################################## # # SMBLDAP-TOOLS Configuration (default are ok for a RedHat) # ############################################################################## # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but # prefer Crypt::SmbHash library with_smbpasswd="0" smbpasswd="/usr/bin/smbpasswd" # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm) # but prefer Crypt:: libraries with_slappasswd="0" slappasswd="/usr/sbin/slappasswd" # comment out the following line to get rid of the default banner # no_banner="1" *smbldap_bind.conf* ############################ # Credential Configuration # ############################ # Notes: you can specify two differents configuration if you use a # master ldap for writing access and a slave ldap server for reading access # By default, we will use the same DN (so it will work for standard Samba # release) slaveDN="cn=Manager,dc=qvanelin,dc=com" slavePw="forget" masterDN="cn=Manager,dc=qvantelin,dc=com" masterPw="forget" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
