subject:"\[Samba\] samba 3.5.6 as PDC LDAP \- roaming profile problem"

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-03-04 Thread L . P . H . van Belle

Hai, 

First, cleanup your profile before making it your default profile. 
this (  Ustawienia Lokalne\Temporary Internet Files\Content.IE5\ARGDYVI1 ) 
should not be there, there should not be any "Temp" folder.
Second, your profiles doesn't look right. 

this is mine and this is working:  ( adjust your path to : path = /profiles ) 
set the initial rights on /profiles to 777 
new folders are created with the right rights.
[profiles]
path = /home/samba/profiles
comment = Profiel omgeving
read only = no
create mask = 0600
directory mask = 0700
browseable = Yes
guest ok = Yes
csc policy = disable
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"




>-Oorspronkelijk bericht-
>Van: adamsienkiewic...@gmail.com 
>[mailto:samba-boun...@lists.samba.org] Namens Adam Sienkiewicz
>Verzonden: 2012-02-22 00:15
>Aan: samba@lists.samba.org
>Onderwerp: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem
>
>Hi all;
>
>for few weeks I'm trying to implement a new samba PDC server 
>for my school.
>It is based on debian squeeze and samba 3.5.6 with lDAP backend.
>I was able to join a computer into domain, LDAP is working, 
>mapping home
>drive for users also.
>It seems that almost all works good but with one exeption. The 
>one thing
>which is broken is roaming profile support.
>When user is logging into domain windows (I tested win XP prof 
>SP2 and win7
>prof SP1) always said:
>"Windows cannot locate the server copy of your roaming profile and is
>attempting to log you on with your local profile. Changes to 
>the profile
>will not be copied to the server when you logoff. Possible 
>causes of this
>error include network problems or insufficient security rights. If this
>problem persists, contact your network administrator.
>DETAIL – The network name cannot be found."
>and
>"Windows cannot find the local profile and is logging you on with a
>temporary profile. Changes you make to this profile will be 
>lost when you
>log off."
>It looks strange because when I put into netlogon share default profile
>windows take it ( I see that background color in windows is 
>the same like I
>prevoiusly set into default profil), user is able to browse his profile
>directory and create inside this dirs and files.In samba logs 
>there are no
>errors, I can see that /profile share is assigned into user.
>On windows side in c:\windows\debug\userenv log there is:
>
>USERENV(320.324) 18:58:22:898 DeleteProfileEx:  Failed to query profile
>guid with error 2
>USERENV(320.324) 18:58:34:758 GetUserGuid: Failed to get user guid with
>1355.
>USERENV(320.324) 18:58:34:758 GetUserGuid: Failed to get user guid with
>1355.
>USERENV(320.324) 18:58:34:804 CheckRoamingShareOwnership: 
>owner is S-1-1-0!
>USERENV(320.324) 18:58:34:804 IsCentralProfileReachable: 
>Ownership check
>failed with 8007051B
>USERENV(320.324) 18:58:34:804 ReportError: Impersonating user.
>USERENV(320.324) 18:58:36:429 GetUserGuid: Failed to get user guid with
>1355.
>USERENV(320.324) 18:58:36:445 ReportError: Impersonating user.
>USERENV(320.324) 18:58:37:023 RecurseDirectory:
>=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=m
>odern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;t
>pc=development;ord=3934272159358786
>is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
>lokalne\Temporary Internet Files\Content.IE5\ARGDYVI1\, dest = 
>C:\Documents
>and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
>Files\Content.IE5\ARGDYVI1\
>USERENV(320.324) 18:58:37:039 RecurseDirectory:
>=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=m
>odern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;t
>pc=development;ord=3934272159358786
>is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
>lokalne\Temporary Internet Files\Content.IE5\61Y5M1K7\, dest = 
>C:\Documents
>and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
>Files\Content.IE5\61Y5M1K7\
>USERENV(320.324) 18:58:37:039 RecurseDirectory:
>=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=m
>odern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;t
>pc=development;ord=3934272159358786
>is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
>lokalne\Temporary Internet Files\Content.IE5\Q6DTJICU\, dest = 
>C:\Documents
>and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
>Files\Content.IE5\Q6DTJICU\
>USERENV(320.324) 18:58:37:054 RecurseDirectory:
>=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=m
>odern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc

[Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-03-04 Thread Adam Sienkiewicz

Hi all;

for few weeks I'm trying to implement a new samba PDC server for my school.
It is based on debian squeeze and samba 3.5.6 with lDAP backend.
I was able to join a computer into domain, LDAP is working, mapping home
drive for users also.
It seems that almost all works good but with one exeption. The one thing
which is broken is roaming profile support.
When user is logging into domain windows (I tested win XP prof SP2 and win7
prof SP1) always said:
"Windows cannot locate the server copy of your roaming profile and is
attempting to log you on with your local profile. Changes to the profile
will not be copied to the server when you logoff. Possible causes of this
error include network problems or insufficient security rights. If this
problem persists, contact your network administrator.
DETAIL – The network name cannot be found."
and
"Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you
log off."
It looks strange because when I put into netlogon share default profile
windows take it ( I see that background color in windows is the same like I
prevoiusly set into default profil), user is able to browse his profile
directory and create inside this dirs and files.In samba logs there are no
errors, I can see that /profile share is assigned into user.
On windows side in c:\windows\debug\userenv log there is:

USERENV(320.324) 18:58:22:898 DeleteProfileEx:  Failed to query profile
guid with error 2
USERENV(320.324) 18:58:34:758 GetUserGuid: Failed to get user guid with
1355.
USERENV(320.324) 18:58:34:758 GetUserGuid: Failed to get user guid with
1355.
USERENV(320.324) 18:58:34:804 CheckRoamingShareOwnership: owner is S-1-1-0!
USERENV(320.324) 18:58:34:804 IsCentralProfileReachable: Ownership check
failed with 8007051B
USERENV(320.324) 18:58:34:804 ReportError: Impersonating user.
USERENV(320.324) 18:58:36:429 GetUserGuid: Failed to get user guid with
1355.
USERENV(320.324) 18:58:36:445 ReportError: Impersonating user.
USERENV(320.324) 18:58:37:023 RecurseDirectory:
=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;tpc=development;ord=3934272159358786
is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
lokalne\Temporary Internet Files\Content.IE5\ARGDYVI1\, dest = C:\Documents
and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\ARGDYVI1\
USERENV(320.324) 18:58:37:039 RecurseDirectory:
=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;tpc=development;ord=3934272159358786
is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
lokalne\Temporary Internet Files\Content.IE5\61Y5M1K7\, dest = C:\Documents
and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\61Y5M1K7\
USERENV(320.324) 18:58:37:039 RecurseDirectory:
=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;tpc=development;ord=3934272159358786
is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
lokalne\Temporary Internet Files\Content.IE5\Q6DTJICU\, dest = C:\Documents
and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\Q6DTJICU\
USERENV(320.324) 18:58:37:054 RecurseDirectory:
=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;tpc=development;ord=3934272159358786
is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
lokalne\Temporary Internet Files\Content.IE5\I56DMBW1\, dest = C:\Documents
and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\I56DMBW1\
USERENV(320.324) 18:58:43:461 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(358.278) 18:58:43:633 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(358.278) 18:58:43:633 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(320.324) 18:58:43:648 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(320.2a0) 18:58:43:664 GetGPOInfo:  Local GPO's gpt.ini is not
accessible, assuming default state.
USERENV(550.6ac) 18:58:50:945 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(550.758) 18:58:50:992 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(320.f0) 18:58:58:758 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(77c.80) 19:04:24:414 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(320.324) 19:04:34:383 DeleteProfileEx:  Failed to query profile
guid with error 2
USERENV(320.324) 19:04:51:508 GetUserGuid: Failed to get user guid with
1355.
USERENV(

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-27 Thread Adam Sienkiewicz

Hi again

Seems to be solved now - I changed Do not check owner of roaming profile in
gpedit.msc on win xp and win7 and now is working but loading of roaminf
profile in win7 is very slow.
I will try to do some tuning this.

Anyway thanks for help for all !!!

2012/2/27 Adam Sienkiewicz 

> Hi all;
>
> I discovered thet from unknow reason %userprofile% varianle on both win xp
> anf win 7 is empt. But why ???
> LDAP ??
>
> Have any seen those kind of issue ?
>
> Cheers Adam
>
> 2012/2/27 Adam Sienkiewicz 
>
>> Hi;
>>
>> nscd is not installed in my system.
>> I thing mapping of users is correct. I can login into linux via ldap
>>  using account which caused problems with roaming profiles in samba ...
>>
>>
>> 2012/2/26 steve 
>>
>>> Hi
>>> r u sure you are mapping the correct user? Is nscd turned off?
>>> Cheers
>>>
>>>
>>> On 02/26/2012 09:33 AM, Adam Sienkiewicz wrote:
>>>
 Hi Steve

 In my system I have following permissions;

 /home 777
 /home/netlogon/Default Profile 755

 still not working :(


 2012/2/24 steve mailto:st...@steve-ss.com>>


[2012/02/24 17:50:50.931935, 2] smbd/open.c:633(open_file) jas
opened file Default User/NTUSER.DAT read=Yes write=No (numopen=1)

[2012/02/24 17:50:51.884020, 2] smbd/open.c:633(open_file) jas
opened file Default User/ntuser.dat.LOG read=Yes write=No (numopen=2)

[2012/02/24 17:50:51.905456, 2] smbd/open.c:633(open_file) jas
opened file Default User/ntuser.ini read=Yes write=No (numopen=3)

On those files I have:

-rw-r--r-- 1 steve suseusers 786432 Feb 24 20:07 NTUSER.DAT
-rw-r--r-- 1 steve suseusers160 Feb 24 20:08 ntuser.ini
and
drwxr-xr-x
on the folders.

Any good?

Steve
-- To unsubscribe from this list go to the following URL and
 read the
instructions: 
 https://lists.samba.org/**mailman/options/samba



>>>
>>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-27 Thread Adam Sienkiewicz

Hi all;

I discovered thet from unknow reason %userprofile% varianle on both win xp
anf win 7 is empt. But why ???
LDAP ??

Have any seen those kind of issue ?

Cheers Adam

2012/2/27 Adam Sienkiewicz 

> Hi;
>
> nscd is not installed in my system.
> I thing mapping of users is correct. I can login into linux via ldap
>  using account which caused problems with roaming profiles in samba ...
>
>
> 2012/2/26 steve 
>
>> Hi
>> r u sure you are mapping the correct user? Is nscd turned off?
>> Cheers
>>
>>
>> On 02/26/2012 09:33 AM, Adam Sienkiewicz wrote:
>>
>>> Hi Steve
>>>
>>> In my system I have following permissions;
>>>
>>> /home 777
>>> /home/netlogon/Default Profile 755
>>>
>>> still not working :(
>>>
>>>
>>> 2012/2/24 steve mailto:st...@steve-ss.com>>
>>>
>>>
>>>[2012/02/24 17:50:50.931935, 2] smbd/open.c:633(open_file) jas
>>>opened file Default User/NTUSER.DAT read=Yes write=No (numopen=1)
>>>
>>>[2012/02/24 17:50:51.884020, 2] smbd/open.c:633(open_file) jas
>>>opened file Default User/ntuser.dat.LOG read=Yes write=No (numopen=2)
>>>
>>>[2012/02/24 17:50:51.905456, 2] smbd/open.c:633(open_file) jas
>>>opened file Default User/ntuser.ini read=Yes write=No (numopen=3)
>>>
>>>On those files I have:
>>>
>>>-rw-r--r-- 1 steve suseusers 786432 Feb 24 20:07 NTUSER.DAT
>>>-rw-r--r-- 1 steve suseusers160 Feb 24 20:08 ntuser.ini
>>>and
>>>drwxr-xr-x
>>>on the folders.
>>>
>>>Any good?
>>>
>>>Steve
>>>-- To unsubscribe from this list go to the following URL and read
>>> the
>>>instructions: 
>>> https://lists.samba.org/**mailman/options/samba
>>>
>>>
>>>
>>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-26 Thread Adam Sienkiewicz

Hi;

nscd is not installed in my system.
I thing mapping of users is correct. I can login into linux via ldap  using
account which caused problems with roaming profiles in samba ...


2012/2/26 steve 

> Hi
> r u sure you are mapping the correct user? Is nscd turned off?
> Cheers
>
>
> On 02/26/2012 09:33 AM, Adam Sienkiewicz wrote:
>
>> Hi Steve
>>
>> In my system I have following permissions;
>>
>> /home 777
>> /home/netlogon/Default Profile 755
>>
>> still not working :(
>>
>>
>> 2012/2/24 steve mailto:st...@steve-ss.com>>
>>
>>
>>[2012/02/24 17:50:50.931935, 2] smbd/open.c:633(open_file) jas
>>opened file Default User/NTUSER.DAT read=Yes write=No (numopen=1)
>>
>>[2012/02/24 17:50:51.884020, 2] smbd/open.c:633(open_file) jas
>>opened file Default User/ntuser.dat.LOG read=Yes write=No (numopen=2)
>>
>>[2012/02/24 17:50:51.905456, 2] smbd/open.c:633(open_file) jas
>>opened file Default User/ntuser.ini read=Yes write=No (numopen=3)
>>
>>On those files I have:
>>
>>-rw-r--r-- 1 steve suseusers 786432 Feb 24 20:07 NTUSER.DAT
>>-rw-r--r-- 1 steve suseusers160 Feb 24 20:08 ntuser.ini
>>and
>>drwxr-xr-x
>>on the folders.
>>
>>Any good?
>>
>>Steve
>>-- To unsubscribe from this list go to the following URL and read
>> the
>>instructions: 
>> https://lists.samba.org/**mailman/options/samba
>>
>>
>>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-26 Thread steve


Hi
r u sure you are mapping the correct user? Is nscd turned off?
Cheers

On 02/26/2012 09:33 AM, Adam Sienkiewicz wrote:

Hi Steve

In my system I have following permissions;

/home 777
/home/netlogon/Default Profile 755

still not working :(


2012/2/24 steve mailto:st...@steve-ss.com>>

[2012/02/24 17:50:50.931935, 2] smbd/open.c:633(open_file) jas
opened file Default User/NTUSER.DAT read=Yes write=No (numopen=1)

[2012/02/24 17:50:51.884020, 2] smbd/open.c:633(open_file) jas
opened file Default User/ntuser.dat.LOG read=Yes write=No (numopen=2)

[2012/02/24 17:50:51.905456, 2] smbd/open.c:633(open_file) jas
opened file Default User/ntuser.ini read=Yes write=No (numopen=3)

On those files I have:

-rw-r--r-- 1 steve suseusers 786432 Feb 24 20:07 NTUSER.DAT
-rw-r--r-- 1 steve suseusers160 Feb 24 20:08 ntuser.ini
and
drwxr-xr-x
on the folders.

Any good?

Steve
-- 
To unsubscribe from this list go to the following URL and read the

instructions: https://lists.samba.org/mailman/options/samba




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-26 Thread Adam Sienkiewicz

Hi Steve

In my system I have following permissions;

/home 777
/home/netlogon/Default Profile 755

still not working :(


2012/2/24 steve 

> [2012/02/24 17:50:50.931935, 2] smbd/open.c:633(open_file) jas opened file
> Default User/NTUSER.DAT read=Yes write=No (numopen=1)
>
> [2012/02/24 17:50:51.884020, 2] smbd/open.c:633(open_file) jas opened file
> Default User/ntuser.dat.LOG read=Yes write=No (numopen=2)
>
> [2012/02/24 17:50:51.905456, 2] smbd/open.c:633(open_file) jas opened file
> Default User/ntuser.ini read=Yes write=No (numopen=3)
>
> On those files I have:
>
> -rw-r--r-- 1 steve suseusers 786432 Feb 24 20:07 NTUSER.DAT
> -rw-r--r-- 1 steve suseusers160 Feb 24 20:08 ntuser.ini
> and
> drwxr-xr-x
> on the folders.
>
> Any good?
>
> Steve
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  
> https://lists.samba.org/**mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-24 Thread steve

[2012/02/24 17:50:50.931935, 2] smbd/open.c:633(open_file) jas opened 
file Default User/NTUSER.DAT read=Yes write=No (numopen=1)


[2012/02/24 17:50:51.884020, 2] smbd/open.c:633(open_file) jas opened 
file Default User/ntuser.dat.LOG read=Yes write=No (numopen=2)


[2012/02/24 17:50:51.905456, 2] smbd/open.c:633(open_file) jas opened 
file Default User/ntuser.ini read=Yes write=No (numopen=3)


On those files I have:

-rw-r--r-- 1 steve suseusers 786432 Feb 24 20:07 NTUSER.DAT
-rw-r--r-- 1 steve suseusers160 Feb 24 20:08 ntuser.ini
and
drwxr-xr-x
on the folders.

Any good?
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-24 Thread Adam Sienkiewicz

Hi;
Thanks for reply.
Jurgen I tryed your settings in smb.conf but still the same

I attach log durin logon jas user.
For me there are no error  - but still see error in windows about roaming
profiles not created ...
maybe this is a bug in samba or ldap ?

oot@debldap4:~# tail -f /var/log/samba/jas_172.16.220.136.log
[2012/02/24 17:49:16.156253,  1] smbd/service.c:1070(make_connection_snum)
  tester (:::172.16.220.136) connect to service netlogon initially as
user jas (uid=1002, gid=512) (pid 2177)
[2012/02/24 17:49:26.032109,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:49:26.033237,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:16.705954,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:16.708110,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:40.043034,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2012/02/24 17:50:40.044292,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:40.045255,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 512
[2012/02/24 17:50:40.045616,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:40.055071,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:40.055623,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:40.056102,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:40.066467,  2]
rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
  Returning domain sid for domain TESTADM ->
S-1-5-21-3986075260-1976875605-3695878225
[2012/02/24 17:50:40.079195,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:40.782999,  1] smbd/service.c:1251(close_cnum)
  tester (:::172.16.220.136) closed connection to service netlogon
[2012/02/24 17:50:43.297758,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.298137,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 512
[2012/02/24 17:50:43.298334,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:43.300114,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.300549,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.303237,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:43.303929,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:43.304730,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:43.305311,  1] smbd/service.c:1070(make_connection_snum)
  tester (:::172.16.220.136) connect to service profiles initially as
user jas (uid=1002, gid=512) (pid 2204)
[2012/02/24 17:50:44.257013,  1] smbd/service.c:1251(close_cnum)
  tester (:::172.16.220.136) closed connection to service profiles
[2012/02/24 17:50:47.965091,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2012/02/24 17:50:47.967680,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: jas
[2012/02/24 17:50:47.969245,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 512
[2012/02/24 17:50:47.969445,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [jas] -> [jas] -> [jas]
succeeded
[2012/02/24 17:50:47.971263,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:47.971580,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:47.971906,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2012/02/24 17:50:47.980087,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 513
[2012/02/24 17:50:47.983239,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: domainadm
[2012/02/24 17:50:47.983742,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap:

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-24 Thread Jürgen Echter


Am 23.02.2012 14:06, schrieb Adam Sienkiewicz:

Hi;

It didn't help. Now for /profiles I have permissions:

drwxrwxrwt 13 root root  4096 Feb 17 20:05 profiles

and if user login to domain firth time its profile dir is created but
nothing else ...

Now /profiles looks lie:

/profiles
├── [drwx-- czarus   Domain U]  czarus
├── [drwx-- domainad domainad]  domainadm
├── [drwxrwxrwx jas  Domain A]  jas
├── [drwx-- root root]  root
├── [drwx-- sambaroo Domain U]  sambaroot2
├── [drwx-- sambaroo Domain U]  sambaroot2.V2
├── [drwx-- sambaroo Domain U]  sambaroot3
├── [drwx-- sambaroo Domain U]  sambaroot3.V2
├── [drwx-- test2Domain U]  test2
│   └── [drwx-- test2Domain U]  dfd
├── [drwx-- test5domainad]  test5



2012/2/23 steve


I googled few days I tryed all what I can find but with no luck. It will
be great if somebody could help me with this because I have no idea what is
a root cause of my issue.
Hi
The cause is usually because of wrong permissions on the profiles folder.
Try the big hammer first:
Backup /profiles
chmod -R 0777 /profiles
comment out:

create mask = 0600
directory mask = 0700
create a new user
login as the new user. That user should have his profile OK.

Then put the security back one stage at a time until it doesn't work again.
HTH
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  
https://lists.samba.org/**mailman/options/samba


Hi,

i got this in my smb.conf (local smb server)

[profile]
   comment = Profildateien
   path = /DATEN/samba/profile
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
   profile acls = yes
   valid users = %U @"Domain Admins"
   force user = %U
   csc policy = disable

and this on bdc (backup domain controller)

[profile]
   comment = Profildateien
   path = \\mule\profile
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
   profile acls = yes
   valid users = %U @"Domain Admins"
   force user = %U
   csc policy = disable


pdbedit -L -v says (for one user here)

---
Unix username:stefan
NT username:  stefan
Account Flags:[UX ]
User SID: S-1-5-21-3842863818-2180709222-141296495-3436
Primary Group SID:S-1-5-21-3842863818-2180709222-141296495-513
Full Name:Stefan
Home Directory:   \\mule\stefan
HomeDir Drive:H:
Logon Script: stefan.bat
Profile Path: \\mule\profile\stefan
Domain:   WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  never
Kickoff time: 0
Password last set:Do, 20 Okt 2011 18:18:19 CEST
Password can change:  Do, 20 Okt 2011 18:18:19 CEST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours : FF
---

maybe you can see anything related to you. :)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-23 Thread Adam Sienkiewicz

Hi;

It didn't help. Now for /profiles I have permissions:

drwxrwxrwt 13 root root  4096 Feb 17 20:05 profiles

and if user login to domain firth time its profile dir is created but
nothing else ...

Now /profiles looks lie:

/profiles
├── [drwx-- czarus   Domain U]  czarus
├── [drwx-- domainad domainad]  domainadm
├── [drwxrwxrwx jas  Domain A]  jas
├── [drwx-- root root]  root
├── [drwx-- sambaroo Domain U]  sambaroot2
├── [drwx-- sambaroo Domain U]  sambaroot2.V2
├── [drwx-- sambaroo Domain U]  sambaroot3
├── [drwx-- sambaroo Domain U]  sambaroot3.V2
├── [drwx-- test2Domain U]  test2
│   └── [drwx-- test2Domain U]  dfd
├── [drwx-- test5domainad]  test5



2012/2/23 steve 

> I googled few days I tryed all what I can find but with no luck. It will
> be great if somebody could help me with this because I have no idea what is
> a root cause of my issue.
> Hi
> The cause is usually because of wrong permissions on the profiles folder.
> Try the big hammer first:
> Backup /profiles
> chmod -R 0777 /profiles
> comment out:
>
> create mask = 0600
> directory mask = 0700
> create a new user
> login as the new user. That user should have his profile OK.
>
> Then put the security back one stage at a time until it doesn't work again.
> HTH
> Steve
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  
> https://lists.samba.org/**mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-23 Thread steve

I googled few days I tryed all what I can find but with no luck. It will 
be great if somebody could help me with this because I have no idea what 
is a root cause of my issue.

Hi
The cause is usually because of wrong permissions on the profiles 
folder. Try the big hammer first:

Backup /profiles
chmod -R 0777 /profiles
comment out:
create mask = 0600
directory mask = 0700
create a new user
login as the new user. That user should have his profile OK.

Then put the security back one stage at a time until it doesn't work again.
HTH
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

2012-02-22 Thread Adam Sienkiewicz

Hi all;

for few weeks I'm trying to implement a new samba PDC server for my school.
It is based on debian squeeze and samba 3.5.6 with lDAP backend.
I was able to join a computer into domain, LDAP is working, mapping home
drive for users also.
It seems that almost all works good but with one exeption. The one thing
which is broken is roaming profile support.
When user is logging into domain windows (I tested win XP prof SP2 and win7
prof SP1) always said:
"Windows cannot locate the server copy of your roaming profile and is
attempting to log you on with your local profile. Changes to the profile
will not be copied to the server when you logoff. Possible causes of this
error include network problems or insufficient security rights. If this
problem persists, contact your network administrator.
DETAIL – The network name cannot be found."
and
"Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you
log off."
It looks strange because when I put into netlogon share default profile
windows take it ( I see that background color in windows is the same like I
prevoiusly set into default profil), user is able to browse his profile
directory and create inside this dirs and files.In samba logs there are no
errors, I can see that /profile share is assigned into user.
On windows side in c:\windows\debug\userenv log there is:

USERENV(320.324) 18:58:22:898 DeleteProfileEx:  Failed to query profile
guid with error 2
USERENV(320.324) 18:58:34:758 GetUserGuid: Failed to get user guid with
1355.
USERENV(320.324) 18:58:34:758 GetUserGuid: Failed to get user guid with
1355.
USERENV(320.324) 18:58:34:804 CheckRoamingShareOwnership: owner is S-1-1-0!
USERENV(320.324) 18:58:34:804 IsCentralProfileReachable: Ownership check
failed with 8007051B
USERENV(320.324) 18:58:34:804 ReportError: Impersonating user.
USERENV(320.324) 18:58:36:429 GetUserGuid: Failed to get user guid with
1355.
USERENV(320.324) 18:58:36:445 ReportError: Impersonating user.
USERENV(320.324) 18:58:37:023 RecurseDirectory:
=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;tpc=development;ord=3934272159358786
is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
lokalne\Temporary Internet Files\Content.IE5\ARGDYVI1\, dest = C:\Documents
and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\ARGDYVI1\
USERENV(320.324) 18:58:37:039 RecurseDirectory:
=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;tpc=development;ord=3934272159358786
is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
lokalne\Temporary Internet Files\Content.IE5\61Y5M1K7\, dest = C:\Documents
and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\61Y5M1K7\
USERENV(320.324) 18:58:37:039 RecurseDirectory:
=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;tpc=development;ord=3934272159358786
is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
lokalne\Temporary Internet Files\Content.IE5\Q6DTJICU\, dest = C:\Documents
and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\Q6DTJICU\
USERENV(320.324) 18:58:37:054 RecurseDirectory:
=mswin_all32bit;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=Delphi;tpc=winnt;tpc=win95;tpc=linux;tpc=posix;tpc=development;ord=3934272159358786
is too long. src = \\PDC-SRV\netlogon\Default User\Ustawienia
lokalne\Temporary Internet Files\Content.IE5\I56DMBW1\, dest = C:\Documents
and Settings\TEMP.TESTADM\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\I56DMBW1\
USERENV(320.324) 18:58:43:461 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(358.278) 18:58:43:633 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(358.278) 18:58:43:633 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(320.324) 18:58:43:648 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(320.2a0) 18:58:43:664 GetGPOInfo:  Local GPO's gpt.ini is not
accessible, assuming default state.
USERENV(550.6ac) 18:58:50:945 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(550.758) 18:58:50:992 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(320.f0) 18:58:58:758 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(77c.80) 19:04:24:414 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(320.324) 19:04:34:383 DeleteProfileEx:  Failed to query profile
guid with error 2
USERENV(320.324) 19:04:51:508 GetUserGuid: Failed to get user guid with
1355.
USERENV(

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

[Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

Re: [Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

[Samba] samba 3.5.6 as PDC & LDAP - roaming profile problem

13 matches

Site Navigation

Mail list logo

Footer information