Re: [Samba] Roaming Profile Mix-Up Between Users
Hi! First, thanks everybody for posting. It is a little bit odd that there seems to be quite different opinions on what is possible and what not. Storing Win2000 and WinXP roaming profile within the same directory: Possible or not? What trouble can be extepected? There seems to be no definitive answer for that question. In addition, my original problem still persists. Users still get the profile of the preceeding user who logged in. Robert, thanks for the example config you posted for the [profiles] share. I have to add that we have no dedicated profile path, but we store the profiles in /home/%u/.WindowsProfil . Can this be the cause of the trouble? The complete share config as we have it now: [profiles] comment = Windows-Profil path = /home/%u/.WindowsProfil valid users = %U, @Domain Admins force user = %U read only = No create mask = 0700 directory mask = 0700 guest ok = Yes profile acls = Yes hide files = /desktop.ini/ntuser.ini/NTUSER.*/ browseable = No csc policy = disable locking = No oplocks = No level2 oplocks = No Here is the directory listing with rights mask for my profile: hal:/home/marian# ls -la /home/marian/.WindowsProfil/ total 840 drwx-- 14 marian users 4096 Jun 6 13:14 . drwx-x 34 marian users 4096 May 16 10:50 .. drwx-- 14 marian users 4096 May 7 15:28 Anwendungsdaten drwx-- 2 marian users 4096 May 6 15:02 Cookies drwx-- 5 marian users 4096 Jun 1 11:52 Desktop drwx-- 2 marian users 4096 May 6 15:02 Druckumgebung drwx-- 6 marian users 4096 May 6 15:02 Eigene Dateien drwx-- 5 marian users 4096 May 6 15:02 Favoriten drwx-- 3 marian users 4096 May 6 15:02 His6 -rwx-- 1 marian users 786432 Jun 6 13:15 NTUSER.DAT -rwx-- 1 marian users 1024 Jun 6 13:14 NTUSER.DAT.LOG drwx-- 8 marian users 4096 May 6 15:02 Netzwerkumgebung drwx-- 2 marian users 8192 May 6 15:02 Recent drwx-- 2 marian users 4096 May 6 15:02 SendTo drwx-- 3 marian users 4096 May 6 15:02 Startmen?? drwx-- 2 marian users 4096 May 6 15:02 Vorlagen -rw--- 1 marian users282 Jun 6 13:14 ntuser.ini Another odd thing, excpept for the fact that my profile is presented to whoever loggs in next, is the fact that it remains on the workstation (tested on Windows XP). I thought this could be changed by csc policy = disable but it obviously doesn't help. And for something else: When I log in as local Administrator after I logged in as domain user marian, then open the user profiles dialog of the system settings, I don't see the profile KISD\marian (as it should be named) but KISD\ab. Isn't this mysterious? I start wondering if something in the name resolution is totally mixed up, if SIDs are mingled up or whatever. Marian -- http://www.sendung.de/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profile Mix-Up Between Users
okok. Before anybody spends any more time on my problems, pardon me. I just found out that all sambaSIDs in our LDAP directory are the same. Yes, the same. Sorry, and thanks again! Marian -- http://www.sendung.de/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming Profile Mix-Up Between Users
Hi! We are having some trouble after migrating from an NT4 domain controller to Samba 3: When there is no local copy of any profile on a workstation, a user can log in and his profile is copied from the server. When a second user logs in to the same workstation after the first one logged out, he sees the profile of the first one. That is, he actually used it. His profile isn't even read from the server. What could be the reason for this? We have both WinXP and Win2000 workstations. Users where able to use their roaming profile on both systems back when we used the NT PDC and we would like them to so with the Samba PDC. We hold user data in an LDAP backend. Thanks! Marian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Revealing linux quota to windows users?
Thanks all, problem is solved by now. Marian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Revealing linux quota to windows users?
Hello! I know this must be an old topic, but I can't quite find an answer in the archive or the Howto. I would like to know if it's possible to show the user quota instead of the disk size when users open their home directoy as a share. (I think it's kind of misleading when it says 480GB free to a user who has only 500 MB space.) Thanks! Marian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 PDC with ldapsam and login problem
Hi, foreword I am about to set up Samba 3.0.14a on Linux as PDC wit LDAP backend for our faculty. However, first tries have only partly been successful. First I added samba LDAP-Schema attributes to existing account, created their Samba passwords with smbpasswd and it worked so that normal users could log in via the windows network neighborhood and use the shares. But, I couldn't manage to join machines to the domain. So I backed off and started from scratch. /foreword The current LDAP directory only contains more or less what smbldap-populate creates. I will paste the LDIF at the end of this mail. When I try to log in via smbclient -L localhost -U root I get the following message: Domain=[KISD] OS=[Unix] Server=[Samba 3.0.14a-Debian] tree connect failed: NT_STATUS_ACCESS_DENIED The password should be correct. When I enter a wrong password, the message is NT_STATUS_LOGON_FAILURE. The LDAP log (also pasted below) shows that the search for a sambaGroupMapping with gidNumber=0 fails. 'root', as created by smbldap-populate, has gidNumber=0 (which makes sense to me). But there is no group having gidNumber=0 in my LDAP directory. Is that the reason why Samba can't authorize root? (In an NIS environment, only a group root should have the gidNumber=0) The group Domain Admins as smbldap-populate creates it has gidNumber=512. And that group has meberUid=root. Can anybody tell me what I have to teak in order to be able to proceed? I appreciate any help! Marian testparm output Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [Profiles] Processing section [netlogon] Processing section [Gruppen] Processing section [Transit] Loaded services file OK. Server role: ROLE_DOMAIN_PDC LDAP server log May 1 12:01:50 hal slapd[6914]: conn=11 op=1 SRCH base= scope=0 deref=0 filter=(objectClass=*) May 1 12:01:50 hal slapd[6914]: conn=11 op=1 SRCH attr=supportedControl May 1 12:01:50 hal slapd[6914]: conn=11 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= May 1 12:01:50 hal slapd[6914]: conn=11 op=2 SRCH base=ou=DS,o=Fachhochschule Koeln,c=DE scope=2 deref=0 filter=((uid=root)(objectClass=sambaSamAccount)) May 1 12:01:50 hal slapd[6914]: conn=11 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp May 1 12:01:50 hal slapd[6914]: conn=11 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= May 1 12:01:50 hal slapd[6914]: conn=11 op=3 SRCH base=ou=Group,ou=DS,o=Fachhochschule Koeln,c=DE scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=0)) May 1 12:01:50 hal slapd[6914]: conn=11 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass May 1 12:01:50 hal slapd[6914]: conn=11 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text= May 1 12:01:50 hal slapd[6914]: conn=11 fd=24 closed LDIF representation of our directory: === dn: ou=DS,o=Fachhochschule Koeln,c=DE ou: DS objectClass: organizationalUnit dn: ou=People, ou=DS,o=Fachhochschule Koeln,c=DE ou: People objectClass: organizationalUnit dn: ou=Group, ou=DS,o=Fachhochschule Koeln,c=DE ou: Group objectClass: organizationalUnit dn: ou=Computers, ou=DS,o=Fachhochschule Koeln,c=DE ou: Computers objectClass: organizationalUnit dn: uid=root,ou=People, ou=DS,o=Fachhochschule Koeln,c=DE sambaLMPassword: ***secret*** sambaPrimaryGroupSID: S-1-5-21-2224407680-2312910263-3502601358-512 objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: posixAccount objectClass: shadowAccount userPassword:: ***secret*** sambaLogonTime: 0 sambaHomeDrive: Z: uid: root uidNumber: 0 cn: root sambaLogoffTime: 2147483647 sambaPwdLastSet: 1114941311 loginShell: /bin/bash sambaAcctFlags: [U ] gidNumber: 0 sambaPwdMustChange: 2147483647 sambaPwdCanChange: 1 sambaNTPassword: ***secret*** gecos: Netbios Domain Administrator sambaSID: S-1-5-21-2224407680-2312910263-3502601358-500 homeDirectory: /root sambaKickoffTime: 2147483647 sn: root sambaPasswordHistory: 000 0 dn: uid=nobody,ou=People, ou=DS,o=Fachhochschule Koeln,c=DE sambaLMPassword: NO PASSWORDX sambaPrimaryGroupSID: S-1-5-21-2224407680-2312910263-3502601358-514 objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: posixAccount objectClass: shadowAccount sambaLogonTime: 0 sambaHomeDrive: Z: uid: nobody uidNumber: 999 cn: nobody
Re: [Samba] Samba 3 PDC with ldapsam and login problem
Meanwhile I tried the same as described in my original post, but with higher log level. The only negative message (I don't really know what to look for) is this one: user 'root' (from session setup) not permitted to access this share (IPC$). I also added a group root which represents the posixGroup with gidNumber=0 and root as a member. This doesn't help, obviously. Still glad for any help, Marian [2005/05/01 19:01:12, 3] smbd/password.c:register_vuid(222) User name: root Real name: root [2005/05/01 19:01:12, 3] smbd/password.c:register_vuid(241) UNIX uid 0 is UNIX user root, and will be vuid 100 [2005/05/01 19:01:12, 3] smbd/password.c:register_vuid(270) Adding homes service for user 'root' using home directory: '/root' [2005/05/01 19:01:12, 3] param/loadparm.c:lp_add_home(2368) adding home's share [root] for user 'root' at '/root' [2005/05/01 19:01:12, 3] smbd/process.c:process_smb(1091) Transaction 3 of length 88 [2005/05/01 19:01:12, 5] lib/util.c:show_msg(464) [2005/05/01 19:01:12, 5] lib/util.c:show_msg(474) size=84 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=7988 smb_uid=100 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=0 (0x0) smb_vwv[ 2]=0 (0x0) smb_vwv[ 3]=1 (0x1) smb_bcc=41 [2005/05/01 19:01:12, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 7989) conn 0x0 [2005/05/01 19:01:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/01 19:01:12, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/05/01 19:01:12, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/01 19:01:12, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/05/01 19:01:12, 4] smbd/reply.c:reply_tcon_and_X(407) Client requested device type [?] for share [IPC$] [2005/05/01 19:01:12, 5] smbd/service.c:make_connection(807) making a connection to 'normal' service ipc$ [2005/05/01 19:01:12, 2] smbd/service.c:make_connection_snum(321) user 'root' (from session setup) not permitted to access this share (IPC$) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 PDC with ldapsam and login problem
John H Terpstra wrote: Marian, It looks like you are blocking the 'root' account in your smb.conf file. If not, please send us your smb.conf file so we can help you. - John T. John, you're so right! I guess I wasn't seeing the forest for the trees. I had invalid users = root in the smb.conf. Must have copy-pasted it from some Howto. (Oh dear, that cost me at least one sunny sunday...) Thanks! Marian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba