Re: [Samba] Roaming Profiles under Linux clients
On 6 October 2012 17:13, steve wrote: > On 06/10/12 11:14, Michael Wood wrote: >> >> On 5 October 2012 17:36, steve wrote: >>> >>> On 05/10/12 17:21, Michael Wood wrote: On 5 October 2012 13:14, steve wrote: [...] > >>> [...] Linux clients map whatever the [home] >>> share points at to the unixHomeDirectory attribute. The latter can use >>> either winbind or nslcd to pull the info from ldap. >>> Let me know if you need any more detail. >> >> That doesn't sound like a roaming profile at all. > > No it isn't. The bit before it was. I mentioned it as we set it at the same > time as the profile path in the directory. That's all. By "the bit before that" I assume you mean the LDAP and share changes? That would not magically make the client do anything. In particular it would not make them copy profiles to/from the server. That is why I was asking about configuration and software on the client and not the server, which you had already mentioned. Anyway, from what you and Rowland have said that is not possible with Linux clients. Of course roaming profiles may not be what you want and you could instead access everything directly over the network using e.g. NFS4 as you say. -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Custom SAMBA4/OpenChage ZEG applicance
Or could be reverse lookup is not working... root@sogo:~# nslookup sogo Server: 172.16.1.7 Address:172.16.1.7#53 Name: sogo.example.com Address: 172.16.1.7 root@sogo:~# nslookup 172.16.1.7 Server: 172.16.1.7 Address:172.16.1.7#53 ** server can't find 7.1.16.172.in-addr.arpa: SERVFAIL On Sat, Oct 6, 2012 at 10:22 PM, John Russell wrote: > Finally got DNS partially working, the following tests were successful: > host -t SRV _ldap._tcp.example.com. > host -t SRV _kerberos._udp.example.com. > host -t A sogo.example.com. > > Still can not join any windows clients (XP or 7) to the EXAMPLE.COMdomain. > Tried provisioning SAMBA with both --dns-backend=BIND9_DLZ and then > --dns-backend=SAMBA_INTERNAL but both return "update failed: REFUSED" > > So DNS now seems to be having permission problems? > > Attached are outputs from "samba_dnsupdate --verbose --all-names" and the > subsequent "tail /var/log/syslog". Any ideas? > > > On Fri, Sep 21, 2012 at 4:30 AM, John Russell wrote: > >> Thought for sure this was a real bug, but you are correct Mr. Bartlett, >> thats just how the SMB protocol works. I verified this with another >> wireshark capture from the same XP machine and a working SAMBA4 appliance >> from Sernet. This second capture also reveals that bind9 is still having >> issues on the SOGo appliance. The host machine registers itself into the >> DNS zone, but will not add client machines when they try to join the >> domain. How do I use the internal DNS service with SAMBA4? >> >> >> On Fri, Sep 21, 2012 at 2:24 AM, Andrew Bartlett wrote: >> >>> On Sat, 2012-09-15 at 11:02 -0400, John Russell wrote: >>> > Ran wireshark on the XP client while joining the domain and saw SAM >>> LOGON >>> > request from client and SAM Active Directory Response - user unknown. >>> > >>> > I noticed on the request and the response packets the user name field >>> in >>> > the packet is blank (yes, I am typing the user name and password into >>> the >>> > prompt from the XP machine!). >>> > >>> > Any ideas on what causes this? >>> >>> While an odd feature of the protocol, this is actually a normal >>> successful response to the expected packet. (Essentially, this is a >>> historical oddity from a time when asking if a server knew about a user >>> over an un-authenticated UDP packet wasn't considered a >>> security/confidentially issue). >>> >>> -- >>> Andrew Bartlett >>> http://samba.org/~abartlet/ >>> Authentication Developer, Samba Team http://samba.org >>> >>> >>> >> >> >> -- >> "It's better to be boldly decisive and risk being wrong than to agonize >> at length and be right too late." >> Marilyn Moats Kennedy >> > > > > -- > "It's better to be boldly decisive and risk being wrong than to agonize at > length and be right too late." > Marilyn Moats Kennedy > -- "It's better to be boldly decisive and risk being wrong than to agonize at length and be right too late." Marilyn Moats Kennedy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Custom SAMBA4/OpenChage ZEG applicance
Finally got DNS partially working, the following tests were successful: host -t SRV _ldap._tcp.example.com. host -t SRV _kerberos._udp.example.com. host -t A sogo.example.com. Still can not join any windows clients (XP or 7) to the EXAMPLE.COM domain. Tried provisioning SAMBA with both --dns-backend=BIND9_DLZ and then --dns-backend=SAMBA_INTERNAL but both return "update failed: REFUSED" So DNS now seems to be having permission problems? Attached are outputs from "samba_dnsupdate --verbose --all-names" and the subsequent "tail /var/log/syslog". Any ideas? On Fri, Sep 21, 2012 at 4:30 AM, John Russell wrote: > Thought for sure this was a real bug, but you are correct Mr. Bartlett, > thats just how the SMB protocol works. I verified this with another > wireshark capture from the same XP machine and a working SAMBA4 appliance > from Sernet. This second capture also reveals that bind9 is still having > issues on the SOGo appliance. The host machine registers itself into the > DNS zone, but will not add client machines when they try to join the > domain. How do I use the internal DNS service with SAMBA4? > > > On Fri, Sep 21, 2012 at 2:24 AM, Andrew Bartlett wrote: > >> On Sat, 2012-09-15 at 11:02 -0400, John Russell wrote: >> > Ran wireshark on the XP client while joining the domain and saw SAM >> LOGON >> > request from client and SAM Active Directory Response - user unknown. >> > >> > I noticed on the request and the response packets the user name field in >> > the packet is blank (yes, I am typing the user name and password into >> the >> > prompt from the XP machine!). >> > >> > Any ideas on what causes this? >> >> While an odd feature of the protocol, this is actually a normal >> successful response to the expected packet. (Essentially, this is a >> historical oddity from a time when asking if a server knew about a user >> over an un-authenticated UDP packet wasn't considered a >> security/confidentially issue). >> >> -- >> Andrew Bartlett >> http://samba.org/~abartlet/ >> Authentication Developer, Samba Team http://samba.org >> >> >> > > > -- > "It's better to be boldly decisive and risk being wrong than to agonize at > length and be right too late." > Marilyn Moats Kennedy > -- "It's better to be boldly decisive and risk being wrong than to agonize at length and be right too late." Marilyn Moats Kennedy root@sogo:~# samba_dnsupdate --verbose --all-names IPs: ['fe80::a00:27ff:fef2:b592%eth0', '172.16.1.7'] Calling nsupdate for A example.com 172.16.1.7 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: example.com.900 IN A 172.16.1.7 update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for A sogo.example.com 172.16.1.7 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: sogo.example.com. 900 IN A 172.16.1.7 update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for A gc._msdcs.example.com 172.16.1.7 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: gc._msdcs.example.com. 900 IN A 172.16.1.7 update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for CNAME a6b5369c-1f1d-457e-813a-dcef9ec89f8b._msdcs.example.com sogo.example.com Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: a6b5369c-1f1d-457e-813a-dcef9ec89f8b._msdcs.example.com. 900 IN CNAME sogo.example.com. update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for SRV _kpasswd._tcp.example.com sogo.example.com 464 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kpasswd._tcp.example.com. 900 IN SRV 0 100 464 sogo.example.com. update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for SRV _kpasswd._udp.example.com sogo.example.com 464 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kpasswd._udp.example.com. 900 IN SRV 0 100 464 sogo.example.com. update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for SRV _kerberos._tcp.example.com sogo.example.com 88 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kerberos._tcp.example.com. 900 IN SRV 0 100 88 sogo.example.com. update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.example.com sogo.example.com 88 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id
Re: [Samba] Roaming Profiles under Linux clients
On 06/10/12 11:32, Rowland Penny wrote: On 06/10/12 10:14, Michael Wood wrote: On 5 October 2012 17:36, steve wrote: On 05/10/12 17:21, Michael Wood wrote: On 5 October 2012 13:14, steve wrote: Is that possible on Linux clients? If so, how is it implemented? With csync as Denis asked? Hi, What you can do is use pam-mount to mount the users home directory from the server onto the Linux client, This is actually faster than roaming profiles as no data actually moves. Hi We use NFS4 to mount the samba share directories on the Linux clients. If you want, you could also mount the profiles share so that your users had access to whatever was on e.g. their windows desktop too. As we have more Linux clients than windows, I try to encourage users to store stuff in their home folder rather than in their windows profile. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming Profiles under Linux clients
On 06/10/12 11:14, Michael Wood wrote: On 5 October 2012 17:36, steve wrote: On 05/10/12 17:21, Michael Wood wrote: On 5 October 2012 13:14, steve wrote: [...] [...] Linux clients map whatever the [home] share points at to the unixHomeDirectory attribute. The latter can use either winbind or nslcd to pull the info from ldap. Let me know if you need any more detail. That doesn't sound like a roaming profile at all. No it isn't. The bit before it was. I mentioned it as we set it at the same time as the profile path in the directory. That's all. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: Folder Redirection GPO not working with Windows 7
Hi I have folder redirection working fine in XP. I see that W7 has taken the same configuration as I made in XP. Here is a screenshot: http://dl.dropbox.com/u/45150875/gpo.png Unfortunately, on w7, whilst the roaming profile is correctly set, there is no folder redirection. Nothing appears in the \\hh1\USERS folder for the user who has logged in. Upon opening the GPO editor as Administrator in W7, I get an error message about AD and sysvol permissions: 'The permissions for this GPO in the SYSVOL folder are inconsistent with those in ctive Directory. (...) To change the SYSVOL permissions to those in Active Directory, click OK.' Clicking OK gives 'Access is Denied. I then ran samba-tool ntacl sysvolreset and restarted the GPO editor. It then opened without the error:) The settings appear exactly as I set them on XP but are not honoured in W7. The share for the redirected folders says it's offline. There is an offline tab where the security tab normally is under the share properties. Relevant? Can anyone help me trace what's wrong? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4: character encoding issue (was: Samba-tool dbcheck shows "incorrect GUID" after update from alpha17 to beta8)
Original-Nachricht > Datum: Sat, 06 Oct 2012 19:27:10 +1000 > Von: Andrew Bartlett > An: Michael Wood > CC: x-dimens...@gmx.net, samba@lists.samba.org, > samba-techni...@lists.samba.org > Betreff: Re: Samba 4: character encoding issue (was: Samba-tool dbcheck shows > "incorrect GUID" after update from alpha17 to beta8) > On Sat, 2012-10-06 at 11:20 +0200, Michael Wood wrote: > > Hi > > > > On 5 October 2012 21:25, wrote: > > > > > > Original-Nachricht > > >> Datum: Thu, 4 Oct 2012 12:22:54 +0200 > > >> Von: Michael Wood > > >> An: Julian Timm > > >> CC: samba@lists.samba.org > > >> Betreff: Re: [Samba] Samba-tool dbcheck shows "incorrect GUID" after > update from alpha17 to beta8 > > > > > >> On 4 October 2012 09:46, Julian Timm wrote: > > >> > > > >> > Original-Nachricht > > >> >> Datum: Wed, 3 Oct 2012 16:56:42 +0200 > > >> >> Von: Michael Wood > > >> >> An: x-dimens...@gmx.net > > >> >> CC: samba@lists.samba.org > > >> >> Betreff: Re: [Samba] Samba-tool dbcheck shows "incorrect GUID" > after > > >> update from alpha17 to beta8 > > >> > > > >> >> On 3 October 2012 16:26, wrote: > > >> >> > After updating our Samba4 server from alpha17 to beta8 > "samba-tool > > >> >> dbcheck" shows 24 "incorrect GUID" errors. > > >> >> > What does it mean and what should i do to fix this? > > >> >> > > >> >> Try samba-tool dbcheck --fix. > > >> >> > > >> >> Also, why did you not install rc2 instead of beta8? > > >> > > > >> > I don't want to compile every Samba version for myself, so i'm > using > > >> > the Zentyal 2.3 PPA. The latest Samba version here is beta8, but > rc2 > > >> packages are in testing and should be available soon. > > >> > > > >> > After running samba-tool dbcheck --fix the errors still exists, > when > > >> running dbcheck again. > > >> > > >> Try posting the errors to the list and maybe someone will be able to > > >> say what causes them. > > >> > > >> -- > > >> Michael Wood > > > > > > Ok, here is an example: > > > > > > ERROR: incorrect GUID component for member in object > CN=Mitarbeiter,OU=Benutzer,DC=test,DC=lan - > ;;CN=Max > Müller,OU=Benutzer,DC=test,DC=lan > > > unable to find object for DN CN=Max > Müller,OU=Benutzer,DC=test,DC=lan - (No such Base DN: CN=Max > Müller,OU=Benutzer,DC=test,DC=lan) > > > Not removing dangling forward link > > > > > > All of these database errors affecting users who have german umlauts > > > in their names like Ä,Ö,Ü. > > > These users are also not shown within the Microsoft RSAT AD manager. > > > When i add a new user now like "Horst Müller" with the management > tool, i get the error that the user could not be verified and can't login, but > RSAT still creates the user. > > > > > > Is there a simple way to correct this problem? > > > > I've copied this to the samba-technical list, since the Samba 4 HOWTO > > still says to report successes/failures there. > > > > The problem does look suspiciously like a character encoding issue. > > On my e-mail client, the german umlauts in the DN show up as other > characters (1/4 for example). If the original DN is not utf8, then this > will fail. (Because we will be unable to create the canonical form of > the DN, it will fail to match). > > Julian, can you confirm if the CN attribute and DN was created using > only valid UTF8? > > What client or tool was used to create it? > > Thanks, > > Andrew Bartlett > > -- > Andrew Bartletthttp://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > > Hi Andrew! How can i test if it uses valid UTF8? To reproduce the problem, maybe it helps to know the steps I've done so far... 1. Install Ubuntu Server 10.04 LTS 2. Adding Resara-Server PPA and installing Resara-Server (which includes Samba4) I've started with Resara-Server 1.0 and updated it to the version 1.1.2 which we are using now. 3. Provisioning was done by the RDS-Console tool from Resara I've used this tool to setup our domain, adding shares, users and DNS entries, but after running into problems when adding users with German umlauts, I've switched to Microsoft RSAT where it was working fine! So, all users with umlauts was created with RSAT, the RDS-Console don't shows them, but they can login successfully from Windows XP and Windows 7, so i ignored the RDS-Console behavior and only uses RSAT for managing the Samba4 domain from now on. 4. Samba-tool dbcheck shows 0 errors at this point 5. Moving /usr/local/samba/ to /var/lib/samba because we want to use the Zentyal packages in the future, which are using /var/lib/samba instead of /usr/local/samba 6. Remove (apt-get purge) the Resara-Server packages rds, rdssamba4, rdsserver etc 7. Updating from Ubuntu 10.04 to 12.04 by using do-release-update tool 8. Adding Zentyal 2.3 PPA and install Samba 4.0.0 beta 8 (rc2 packages are in experimental stage and should be available soon. https://launchpad.net/~kernevil/+
Re: [Samba] Roaming Profiles under Linux clients
On 06/10/12 10:14, Michael Wood wrote: On 5 October 2012 17:36, steve wrote: On 05/10/12 17:21, Michael Wood wrote: On 5 October 2012 13:14, steve wrote: [...] Hi It's working here with Version 4.0.0rc3-GIT-56ffe75 All we do to set up the roaming profile on Linux is to add the attribute: profilePath: \\server\profiles\steve2 to the user DN entry in LDAP. and whilst we're there we also map his windows home directory to his Linux home directory: homeDrive: Z: homeDirectory: \\server\home\steve2 Make sure that the profiles share is writeable by the users. We chmod 1777'd it. HTH Steve I've never looked at this and don't need it now, but I'm interested. How is this implemented on client? [...] Linux clients map whatever the [home] share points at to the unixHomeDirectory attribute. The latter can use either winbind or nslcd to pull the info from ldap. Let me know if you need any more detail. That doesn't sound like a roaming profile at all. As far as I understand it a roaming profile is copied to the client on login and copied/synced back to the server on logout. I think that's what Mario and Denis are talking about. Is that possible on Linux clients? If so, how is it implemented? With csync as Denis asked? Hi, What you can do is use pam-mount to mount the users home directory from the server onto the Linux client, This is actually faster than roaming profiles as no data actually moves. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4: character encoding issue (was: Samba-tool dbcheck shows "incorrect GUID" after update from alpha17 to beta8)
On Sat, 2012-10-06 at 11:20 +0200, Michael Wood wrote: > Hi > > On 5 October 2012 21:25, wrote: > > > > Original-Nachricht > >> Datum: Thu, 4 Oct 2012 12:22:54 +0200 > >> Von: Michael Wood > >> An: Julian Timm > >> CC: samba@lists.samba.org > >> Betreff: Re: [Samba] Samba-tool dbcheck shows "incorrect GUID" after > >> update from alpha17 to beta8 > > > >> On 4 October 2012 09:46, Julian Timm wrote: > >> > > >> > Original-Nachricht > >> >> Datum: Wed, 3 Oct 2012 16:56:42 +0200 > >> >> Von: Michael Wood > >> >> An: x-dimens...@gmx.net > >> >> CC: samba@lists.samba.org > >> >> Betreff: Re: [Samba] Samba-tool dbcheck shows "incorrect GUID" after > >> update from alpha17 to beta8 > >> > > >> >> On 3 October 2012 16:26, wrote: > >> >> > After updating our Samba4 server from alpha17 to beta8 "samba-tool > >> >> dbcheck" shows 24 "incorrect GUID" errors. > >> >> > What does it mean and what should i do to fix this? > >> >> > >> >> Try samba-tool dbcheck --fix. > >> >> > >> >> Also, why did you not install rc2 instead of beta8? > >> > > >> > I don't want to compile every Samba version for myself, so i'm using > >> > the Zentyal 2.3 PPA. The latest Samba version here is beta8, but rc2 > >> packages are in testing and should be available soon. > >> > > >> > After running samba-tool dbcheck --fix the errors still exists, when > >> running dbcheck again. > >> > >> Try posting the errors to the list and maybe someone will be able to > >> say what causes them. > >> > >> -- > >> Michael Wood > > > > Ok, here is an example: > > > > ERROR: incorrect GUID component for member in object > > CN=Mitarbeiter,OU=Benutzer,DC=test,DC=lan - > > ;;CN=Max > > Müller,OU=Benutzer,DC=test,DC=lan > > unable to find object for DN CN=Max Müller,OU=Benutzer,DC=test,DC=lan - > > (No such Base DN: CN=Max Müller,OU=Benutzer,DC=test,DC=lan) > > Not removing dangling forward link > > > > All of these database errors affecting users who have german umlauts > > in their names like Ä,Ö,Ü. > > These users are also not shown within the Microsoft RSAT AD manager. > > When i add a new user now like "Horst Müller" with the management tool, i > > get the error that the user could not be verified and can't login, but RSAT > > still creates the user. > > > > Is there a simple way to correct this problem? > > I've copied this to the samba-technical list, since the Samba 4 HOWTO > still says to report successes/failures there. > > The problem does look suspiciously like a character encoding issue. On my e-mail client, the german umlauts in the DN show up as other characters (1/4 for example). If the original DN is not utf8, then this will fail. (Because we will be unable to create the canonical form of the DN, it will fail to match). Julian, can you confirm if the CN attribute and DN was created using only valid UTF8? What client or tool was used to create it? Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4: character encoding issue (was: Samba-tool dbcheck shows "incorrect GUID" after update from alpha17 to beta8)
Hi On 5 October 2012 21:25, wrote: > > Original-Nachricht >> Datum: Thu, 4 Oct 2012 12:22:54 +0200 >> Von: Michael Wood >> An: Julian Timm >> CC: samba@lists.samba.org >> Betreff: Re: [Samba] Samba-tool dbcheck shows "incorrect GUID" after update >> from alpha17 to beta8 > >> On 4 October 2012 09:46, Julian Timm wrote: >> > >> > Original-Nachricht >> >> Datum: Wed, 3 Oct 2012 16:56:42 +0200 >> >> Von: Michael Wood >> >> An: x-dimens...@gmx.net >> >> CC: samba@lists.samba.org >> >> Betreff: Re: [Samba] Samba-tool dbcheck shows "incorrect GUID" after >> update from alpha17 to beta8 >> > >> >> On 3 October 2012 16:26, wrote: >> >> > After updating our Samba4 server from alpha17 to beta8 "samba-tool >> >> dbcheck" shows 24 "incorrect GUID" errors. >> >> > What does it mean and what should i do to fix this? >> >> >> >> Try samba-tool dbcheck --fix. >> >> >> >> Also, why did you not install rc2 instead of beta8? >> > >> > I don't want to compile every Samba version for myself, so i'm using >> > the Zentyal 2.3 PPA. The latest Samba version here is beta8, but rc2 >> packages are in testing and should be available soon. >> > >> > After running samba-tool dbcheck --fix the errors still exists, when >> running dbcheck again. >> >> Try posting the errors to the list and maybe someone will be able to >> say what causes them. >> >> -- >> Michael Wood > > Ok, here is an example: > > ERROR: incorrect GUID component for member in object > CN=Mitarbeiter,OU=Benutzer,DC=test,DC=lan - > ;;CN=Max > Müller,OU=Benutzer,DC=test,DC=lan > unable to find object for DN CN=Max Müller,OU=Benutzer,DC=test,DC=lan - (No > such Base DN: CN=Max Müller,OU=Benutzer,DC=test,DC=lan) > Not removing dangling forward link > > All of these database errors affecting users who have german umlauts > in their names like Ä,Ö,Ü. > These users are also not shown within the Microsoft RSAT AD manager. > When i add a new user now like "Horst Müller" with the management tool, i get > the error that the user could not be verified and can't login, but RSAT still > creates the user. > > Is there a simple way to correct this problem? I've copied this to the samba-technical list, since the Samba 4 HOWTO still says to report successes/failures there. The problem does look suspiciously like a character encoding issue. -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming Profiles under Linux clients
On 5 October 2012 17:36, steve wrote: > On 05/10/12 17:21, Michael Wood wrote: >> >> On 5 October 2012 13:14, steve wrote: >> [...] >>> >>> Hi >>> It's working here with Version 4.0.0rc3-GIT-56ffe75 >>> >>> All we do to set up the roaming profile on Linux is to add the attribute: >>> profilePath: \\server\profiles\steve2 >>> to the user DN entry in LDAP. >>> >>> and whilst we're there we also map his windows home directory to his >>> Linux >>> home directory: >>> homeDrive: Z: >>> homeDirectory: \\server\home\steve2 >>> >>> Make sure that the profiles share is writeable by the users. We chmod >>> 1777'd >>> it. >>> >>> HTH >>> Steve >> >> I've never looked at this and don't need it now, but I'm interested. >> How is this implemented on client? > > [...] Linux clients map whatever the [home] > share points at to the unixHomeDirectory attribute. The latter can use > either winbind or nslcd to pull the info from ldap. > Let me know if you need any more detail. That doesn't sound like a roaming profile at all. As far as I understand it a roaming profile is copied to the client on login and copied/synced back to the server on logout. I think that's what Mario and Denis are talking about. Is that possible on Linux clients? If so, how is it implemented? With csync as Denis asked? -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba