[Samba] Strange PDC issue
Hi all,

I have a really strange PDC issue:

Windows clients are able to join and to log in; however, some clients have permission issues on their local machine. For example, they cannot modify settings such as the menu bar or folder view, set quick start shortcuts, etc., so they cannot use the PC. However, if they create a desktop file or folder, on logoff their profiles are correctly updated.

On the same machine some users can do these things and some others cannot. The users are all local machine administrators.

Google doesn't seem to help. Has anyone else had this really strange issue?

My system is CentOS 5.1 (all updates applied) with the default Samba (3.0.25).

Nothing in my logs seems interesting.

Here is my configuration:

[global]
    unix charset = ISO-8859-15
    display charset = ISO-8859-15
    workgroup = PDC
    server string = Server di dominio
    interfaces = lo, eth0
    bind interfaces only = Yes
    obey pam restrictions = Yes
    passdb backend = tdbsam
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*
    username map = /etc/samba/smbusers
    unix password sync = Yes
    log level = 1
    syslog = 0
    log file = /var/log/samba/%m.log
    max log size = 100
    name resolve order = wins bcast hosts
    time server = Yes
    printcap name = CUPS
    show add printer wizard = No
    add user script = /usr/sbin/useradd "%u" -n -g users
    delete user script = /usr/sbin/userdel "%u"
    add group script = /usr/sbin/groupadd "%g"
    delete group script = /usr/sbin/groupdel "%g"
    add user to group script = /usr/sbin/usermod -G '%g' '%u'
    delete user from group script = /usr/sbin/userdel "%u" "%g"
    add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
    abort shutdown script = /sbin/shutdown -c
    logon script = scripts\logon.bat
    logon path = \\%L\profiles\%U
    logon drive = H:
    logon home = \\%L\%U
    domain logons = Yes
    os level = 255
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    invalid users = bin, deamon, sys, man, postfix, mail, ftp
    admin users = root
    hosts allow = 127., 192.168.2.
    map acl inherit = Yes
    printing = cups
    cups options = raw
    print command =
    lpq command = %p
    lprm command =
    hide unreadable = Yes
    veto files = /*.eml/*.nws/*.{*}/
    veto oplock files = /*.doc/*.xls/*.mdb/

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    guest ok = Yes
    printable = Yes
    use client driver = Yes
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    guest ok = Yes
    locking = No
    share modes = No

[Profiles]
    comment = Roaming Profile Share
    path = /home/samba/profiles
    read only = No
    profile acls = Yes
    case sensitive = No
    preserve case = No
    short preserve case = No
    hide files = /desktop.ini/ntuser.ini/NTUSER.*/
    browseable = No
    csc policy = disable

thanks
Nicola

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
On Sat, 31/05/2008 at 21.01 +0200, Mailing List SVR wrote:
> My system is CentOS 5.1 (all updates applied) with the default Samba
> (3.0.25).

I just updated to 3.0.28 (srpm from RHEL 5 update 2) but still have the same issue.

net groupmap list

gives this result:

Domain Users (S-1-5-21-487449451-2765197844-2627020230-1002) -> users
Produzione (S-1-5-21-487449451-2765197844-2627020230-1004) -> produzione
Vss (S-1-5-21-487449451-2765197844-2627020230-1006) -> vss
Domain Admins (S-1-5-21-487449451-2765197844-2627020230-1001) -> root
Domain Guests (S-1-5-21-487449451-2765197844-2627020230-1003) -> nobody
Amministrazione (S-1-5-21-487449451-2765197844-2627020230-1005) -> amministrazione

If I remember, the last part of "Domain User" was 513 and not 1002; can this create issues?

thanks
Nicola
On Sun, 01/06/2008 at 21.14 +0200, Mailing List SVR wrote:
> If I remember, the last part of "Domain User" was 513 and not 1002; can
> this create issues?

I remapped the Windows groups and Unix groups:

net groupmap add rid=512 ntgroup="Domain Admins" unixgroup=root type=d
net groupmap add rid=513 ntgroup="Domain Users" unixgroup=users type=d
net groupmap add rid=514 ntgroup="Domain Guests" unixgroup=nobody type=d
net groupmap add rid=547 ntgroup="Power Users" unixgroup=wheel type=d

now:

net groupmap list
Produzione (S-1-5-21-487449451-2765197844-2627020230-1020) -> produzione
Vss (S-1-5-21-487449451-2765197844-2627020230-1022) -> vss
Power Users (S-1-5-21-487449451-2765197844-2627020230-547) -> wheel
Amministrazione (S-1-5-21-487449451-2765197844-2627020230-1021) -> amministrazione
Domain Users (S-1-5-21-487449451-2765197844-2627020230-513) -> users
Domain Admins (S-1-5-21-487449451-2765197844-2627020230-512) -> root
Domain Guests (S-1-5-21-487449451-2765197844-2627020230-514) -> nobody

If I add a user to the root group all is fine; however, "Domain Users" have the problems described above.

regards,
Nicola
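A check for the RID mismatch raised in the message above, as an added example that is not part of the original thread: it reads `net groupmap list` output and reports well-known domain groups whose SID does not end in the RID that the thread's own `net groupmap add` commands assign (512, 513, 514). The function names are hypothetical, and the two sample listings are constructed from the listings posted in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): audit `net groupmap list` output.

# RIDs the thread assigns to the well-known domain groups via rid=.
expected_rid() {
    case "$1" in
        "Domain Admins") echo 512 ;;
        "Domain Users")  echo 513 ;;
        "Domain Guests") echo 514 ;;
        *) return 1 ;;   # site-specific group: no fixed RID expected
    esac
}

# Reads `net groupmap list` output on stdin, prints one line per mismatch.
check_groupmap() {
    # Record format: NT group name (SID) -> unix group
    sed -n 's/^\(.*\) (\(S-[0-9-]*\)) -> \(.*\)$/\1|\2|\3/p' |
    while IFS='|' read -r ntgroup sid unixgroup; do
        want=$(expected_rid "$ntgroup") || continue
        rid=${sid##*-}   # last SID component is the RID
        [ "$rid" = "$want" ] ||
            echo "MISMATCH: $ntgroup has RID $rid, expected $want (unix group $unixgroup)"
    done
}

# Constructed sample: the listing posted before the remap.
sample_before() {
cat <<'EOF'
Domain Users (S-1-5-21-487449451-2765197844-2627020230-1002) -> users
Produzione (S-1-5-21-487449451-2765197844-2627020230-1004) -> produzione
Vss (S-1-5-21-487449451-2765197844-2627020230-1006) -> vss
Domain Admins (S-1-5-21-487449451-2765197844-2627020230-1001) -> root
Domain Guests (S-1-5-21-487449451-2765197844-2627020230-1003) -> nobody
Amministrazione (S-1-5-21-487449451-2765197844-2627020230-1005) -> amministrazione
EOF
}

# Constructed sample: the well-known groups from the listing after the remap.
sample_after() {
cat <<'EOF'
Power Users (S-1-5-21-487449451-2765197844-2627020230-547) -> wheel
Domain Users (S-1-5-21-487449451-2765197844-2627020230-513) -> users
Domain Admins (S-1-5-21-487449451-2765197844-2627020230-512) -> root
Domain Guests (S-1-5-21-487449451-2765197844-2627020230-514) -> nobody
EOF
}

echo "before remap:"; sample_before | check_groupmap
echo "after remap:";  sample_after  | check_groupmap
```

On a live server the same function can be fed directly with `net groupmap list | check_groupmap`.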
On Sun, 01/06/2008 at 21.52 +0200, Mailing List SVR wrote:
> If I add a user to the root group all is fine; however, "Domain Users"
> have the problems described above.

After the group remapping, new accounts work fine; the problem is the old ones. Even if I delete and then recreate an old account, it doesn't work as expected. Maybe something related to the account name remains on the Windows or Linux side. Any suggestions?

regards
Nicola