Discussion:
[Samba] Samba-4.3 FreeBSD-10.3 Roaming Profiles and User Home Drive Shares
James B. Byrne
2016-07-21 14:09:50 UTC
We have set up a Samba-4.3 AD-DC on a FreeBSD-10.3 BHyve guest
configured with UFS storage. The samba_server is provisioned and we
can join the Domain and configure the server remotely using MMC
snap-ins running on a MS Win-v7Pro workstation.

We are at the point where we are implementing roaming profiles. We
have followed the instructions found at:

https://wiki.samba.org/index.php/Implementing_roaming_profiles

and

https://wiki.samba.org/index.php/Shares_with_Windows_ACLs

And we have checked and double-checked that the ACLs we have
assigned match exactly those given in the examples. However, when we
create a new test account no roaming profile directory is created.

The contents of our smb4.conf file are:

cat /usr/local/etc/smb4.conf
# Global parameters
[global]
workgroup = BROCKLEY-2016
realm = BROCKLEY-2016.HARTE-LYNE.CA
netbios name = SAMBA-01
server role = active directory domain controller
dns forwarder = 216.185.71.33
idmap_ldb:use rfc2307 = yes

[netlogon]
path = /var/db/samba4/sysvol/brockley-2016.harte-lyne.ca/scripts
read only = No

[sysvol]
path = /var/db/samba4/sysvol
read only = No

[PROFILES]
path = /var/samba4/BROCKLEY-2016/PROFILES/
read only = No

[USERS]
path = /var/samba4/BROCKLEY-2016/USERS/
read only = No


The getfacl utility reports this:

getfacl /var/samba4/BROCKLEY-2016/*
# file: /var/samba4/BROCKLEY-2016/PROFILES
# owner: root
# group: BROCKLEY-2016\domain admins
user::rwx
user:root:rwx
group::---
group:staff:r-x
group:BROCKLEY-2016\domain admins:---
mask::rwx
other::---

# file: /var/samba4/BROCKLEY-2016/USERS
# owner: root
# group: BROCKLEY-2016\domain admins
user::rwx
group::rwx
other::r-x

This is what ls has to say:

ll /var/samba4/BROCKLEY-2016/
total 12
drwxrwx---+ 2 root BROCKLEY-2016\domain admins 512 Jul 20 13:35 PROFILES
drwxrwxr-x 2 root BROCKLEY-2016\domain admins 512 Jul 20 13:35 USERS


We create a new user via the RSAT MMC snap-ins and add the roaming
profile using this string: '\\SAMBA-01\PROFILES\%USERNAME%'. When we
press Apply we get no error but the user's roaming profile directory
is not created. We get the same result whether we have previously set
the UNIX Attributes for the new user or not.

Now, we can create the user's home drive mapping using this string:
'\\SAMBA-01\PROFILES\%USERNAME%'. When we map this to the U: drive and
press Apply, the USER share sub-directory is created:

ll /var/samba4/BROCKLEY-2016/USERS
total 8
drwxrwxr-x+ 2 BUILTIN\administrators staff 512 Jul 21 10:03 testing4

getfacl /var/samba4/BROCKLEY-2016/USERS/testing4
# file: /var/samba4/BROCKLEY-2016/USERS/testing4
# owner: BUILTIN\administrators
# group: staff
user::rwx
user:BROCKLEY-2016\testing4:rwx
group::r-x
group:staff:r-x
group:BUILTIN\administrators:rwx
mask::rwx
other::r-x

There does not seem to be anything logged in /var/log/samba4 relating
to the event of adding a user and I can find no other log entries
generated anywhere when we add the roaming profile or user home drive
mapping. I am at a loss as to how to proceed at this point.

Is there anything in the set-up of roaming profiles that I have
missed? Is there a configuration option I have overlooked? Is the
attempt to create the profile logged anywhere? Is there any way of
checking if the server is even making an attempt to create it?

This is the very last bit of configuration that we need to move our
domain off of our Windows server and it seems to me that it must be
something simple that we are overlooking. Can anyone tell me what it
is?

Sincerely,
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne mailto:***@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3