Goutham
asked on
windows user profiles and logon scripts for linux domain controller
Dear Sir/Madam:
Linux is working as a Samba domain controller, but:
1. When logged in to Windows, the local Windows profile is getting loaded. How do I point this to the Linux server?
2. How do I place logon scripts in /var/lib/samba/netlogon/scripts?
Please help me with this.
ASKER
Thanks for the reply. Yes sir, I have those lines in my smb.conf, but when users log in from the Windows systems, the following error messages appear:
1. Your roaming profile is not available. You are logged on with the locally stored profile. Changes to the profile will not be copied to the server. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.
DETAIL - Access is denied.
2. Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
For your reference, the following is my config:
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon/scripts
admin users = ed, john, root
; guest ok = yes
guest ok = no
browseable = no
; writable = no
; share modes = no
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = no
guest ok = yes
profile acls = yes
; browseable = no
; guest ok = yes
Error no. 1:
I think it is access to the path /var/lib/samba/netlogon/scripts. What access should be set? Please suggest.
Error no. 2: I have no idea.
The profiles share has to be set up with full 777 permissions, as in:
chmod 777 /path/to/profiles
As the Windows machine creates a new directory for every user who logs on to the domain in this particular shared folder, it has to be writable by the entire world. However, the individual username directories created there would be created as 700 in the user's name. Therefore the contents would not be visible to anyone other than the domain admin and the user himself.
Have you checked whether /var/lib/samba/profiles has 777 permissions set on it?
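The layout described in the answer above (a world-writable profiles root holding per-user directories at mode 700) can be checked mechanically. The script below is an added example, not part of the thread; its policy is an assumption of the example: a world-writable root should also carry the sticky bit so that users cannot rename or delete each other's directory entries, and each profile directory should be owned by the user it is named after. It requires GNU find and stat.

```shell
#!/bin/sh
# Added example (not from the thread): audit a roaming-profile root.
# Assumed policy: a world-writable root carries the sticky bit, and every
# <user> directory (optionally <user>.V2 etc.) is owned by <user>, mode 700.
# Requires GNU find and stat.

AUDIT_FINDINGS=0

report() {
    echo "FINDING: $*"
    AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
}

audit_profiles() {
    root=${1%/}
    AUDIT_FINDINGS=0
    [ -d "$root" ] || { echo "ERROR: $root is not a directory" >&2; return 2; }

    # chmod 777 without the sticky bit lets any user rename or delete
    # another user's profile directory entry.
    if [ -n "$(find "$root" -maxdepth 0 -perm -0002 ! -perm -1000)" ]; then
        report "$root is world-writable without the sticky bit (use 1777)"
    fi

    for dir in "$root"/*/; do
        dir=${dir%/}
        [ -d "$dir" ] || continue          # unmatched glob or vanished entry
        name=${dir##*/}
        user=${name%.V[0-9]*}              # newer Windows appends .V2, .V5, ...

        if [ -L "$dir" ]; then
            report "$dir is a symlink, not a real directory"
            continue
        fi

        owner=$(stat -c '%U' "$dir")
        [ "$owner" = "$user" ] || report "$dir is owned by $owner, expected $user"

        # Any group/other permission bit exposes the profile to other accounts.
        if [ -n "$(find "$dir" -maxdepth 0 -perm /077)" ]; then
            report "$dir has mode $(stat -c '%a' "$dir"), expected 700"
        fi
    done

    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Run against a path when one is given, e.g. /var/lib/samba/profiles
if [ "$#" -gt 0 ]; then
    audit_profiles "$1"
fi
```

The function returns non-zero when anything is reported, so it can be run from cron against the profiles path and alert on a failing exit status.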
ASKER
Thank you so much. Then error no. 2: if the permission is set to 777, will error 2 also be solved? For your reference, error 2 is posted below:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
ASKER
Sir, set the permissions as follows
# chmod 777 /var/lib/samba/profiles
still the same two error messages
1. Your roaming profile is not available. You are logged on with the locally stored profile. Changes to the profile will not be copied to the server. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.
DETAIL - Access is denied.
2. Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Please help to fix this.
For what it is worth, I am giving my smb.conf file, which works in exactly the way you want it to work:
[global]
workgroup = XXXXXX.COM
netbios name = ZZZZZZZZ
server string = samba server
passdb backend = tdbsam
username map = /etc/samba/smbusers
log file = /var/log/samba/smbd.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
logon path = \\%L\Profiles\%U
logon drive = P:
logon home = \\%L\%U
domain logons = Yes
os level = 255
interfaces = eth0 lo
local master = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
admin users = XXXXXX.com\root
create mask = 0774
hosts allow = 192.168.245.0/255.255.255.0
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root, ygoutham
guest ok = Yes
browseable = No
[public]
comment = Directory for general storage
path = /samba1/public
guest ok = Yes
[profiles]
path = /samba1/profiles
read only = No
browseable = No
ASKER
Thanks for the reply. Sir, the root user with a Samba password is able to log in without the following message
at login time:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
But with all other Samba users the above message appears at login.
Please help me.
Try changing the profiles path from the /var directory to some other directory and see. If that does not work, remove the machine from the domain and add it back to the domain with the root password.
Now try logging in with the username and password again to see if the profiles are getting created.
ASKER
Sir, there is no problem with the root login on the Windows client machines. After login I can see the root directory, which is created under /Documents and Settings/root,
but when the other Samba users log in, no such user name directory is created.
Have you set the other users' usernames and passwords?
smbpasswd -a username
The above command adds a password for the USERNAME to the Samba password db file.
If you do a
pdbedit -L
then it should show a list of all the users and groups in the Samba server.
ASKER
Yes sir,
I have created the Samba users by using:
# pdbedit -a <username>
and issued the password.
With the same user I am able to log in and access the home directory on the Samba domain controller, but with the following message at login:
"Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off."
Also, no username directory is created under /Documents and Settings/.
Please note:
For root there is no problem at all; logon happens without any message. I mean the roaming profile is getting loaded from the Samba domain, and the root directory is also created under /Documents and Settings.
Please help me.
Are the firewall and SELinux running on the Samba server? What is the log file /var/log/smbd.log saying? Any help there?
ASKER
Sir, the iptables rules are opened for Samba, and all the SELinux policies are on for Samba:
[root@parrot ~]# getsebool -a | grep samba
samba_domain_controller --> on
samba_enable_home_dirs --> on
samba_export_all_ro --> on
samba_export_all_rw --> on
samba_share_nfs --> off
use_samba_home_dirs --> on
var/log/samba/smb.log :
smbd version 3.0.25b-1.el5_1.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/05 15:27:24, 0] param/loadparm.c:map_parameter(2765)
Unknown parameter encountered: ", csc policy"
[2007/12/05 15:27:24, 0] param/loadparm.c:lp_do_parameter(3505)
Ignoring unknown parameter ", csc policy"
[2007/12/05 15:27:32, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2007/12/05 15:28:08, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2007/12/05 15:41:22, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2007/12/05 16:09:09, 0] smbd/server.c:main(944)
smbd version 3.0.25b-1.el5_1.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/05 16:09:09, 0] param/loadparm.c:map_parameter(2765)
Unknown parameter encountered: ", csc policy"
[2007/12/05 16:09:09, 0] param/loadparm.c:lp_do_parameter(3505)
Ignoring unknown parameter ", csc policy"
[2007/12/05 16:13:23, 0] smbd/server.c:main(944)
smbd version 3.0.25b-1.el5_1.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/05 16:13:23, 0] param/loadparm.c:map_parameter(2765)
Unknown parameter encountered: ", csc policy"
[2007/12/05 16:13:23, 0] param/loadparm.c:lp_do_parameter(3505)
Ignoring unknown parameter ", csc policy"
[2007/12/05 16:15:35, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2007/12/05 16:15:35, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2007/12/05 16:23:04, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2007/12/05 16:23:04, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2007/12/05 16:23:53, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2007/12/05 16:23:53, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
ASKER
Sir, for ordinary users the following message appears on the Windows client at login:
Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator.
Samba users' passwords are set with:
smbpasswd -a username
Can you try that one and let me know, please?
If you access the server by IP address from the Windows clients:
\\server.ip.address.here\profiles
are you able to see the folders inside that? I think it is still the permissions which need to be set properly.
It seems like an error in the smb.conf file itself.
Run the command
testparm
It will tell you which line in smb.conf is not done properly so that you can troubleshoot better.
ASKER
Sir, I have used passdb backend = tdbsam,
hence I created the Samba users with:
# pdbedit -a <username>
and issued the password.
Is it still required to create an smbpasswd entry
with smbpasswd -a username?
Please tell me; meanwhile I will check the permissions again.
ASKER
Sir, also, the following is the permission for
/var/lib/samba/profiles
[root@parrot samba]# ls -ld profiles/
drwxrwxrwx 5 root root 4096 Dec 4 17:59 profiles/
Syncing Unix users and Samba users might be good.
logon path = \\%L\Profiles\%U
# you can choose any drive of your choice here
logon drive = P:
logon home = \\%L\%U
domain logons = Yes
Once done, restart the Samba services and you should be done.
There should be a separate share created with the name "Profiles" in your shares section.
Mine is as follows:
[Profiles]
path = /samba1/profiles
read only = No
browseable = No