Samba error al cargar el perfil movil

Forums: 

Hola amigos, les cuento mi problema. He configurado un servidor con samba, como pdc como un controlador de dominio en la red, pude agregar el dominio sin ningun problema a las maquinas clientes con windows xp, agrege la cuenta de la maquina que pertenecera al dominio (maquinas clientes), agregue al usuario root como un usuario samba. Inicie sesion con el usuario root desde la maquina cliente con windows, y puedo iniciar sin ningun problema, pero cierro sesión e inicio con otro usuario samba obviamente agregado en la maquina servidor, y al iniciar sesion me tira el siguiente error:

Windows no puede encontrar la copia del servidor de su perfil móvil y está intentando iniciar sesión con su perfil local. No se copiarán los cambios del perfil en el servidor cuando cierre la sesión. Las posibles causas de este error incluyen problemas con la red o derechos de seguridad insuficientes. Si este problema persiste, póngase en contacto con el administrador de red.

DETALLE - Acceso a la red denegado.

pincho en aceptar y me sale de nuevo el mismo error, pero esta vez no sale el "DETALLE - Acceso a la red denegado." e inicia le sesion local.

las carpeta de los perfiles esta en /var/lib/samba/profiles/ tal como lo dice el smb.conf, cree la carpeta del un usuario X y le di todos los permisos y asi aun no funciona.

los usuarios los agrego de la siguiente forma:

# useradd usuario
# passwd -l usuario
# smbpasswd -a usuario

S.O:

CentOS 4.6 con la version del nucleo 2.6.9-67.0.15.EL

espero que me puedan ayudar amigos, saludos gracias....

:)

Ese error se debe al uso del

Imagen de jcyepez

Ese error se debe al uso del recurso compartido netlogon, prueba, comentalo en el archivo de configuración de samba y prueba. El problema se da porque samba intenta establecer perfiles móviles por defecto. En lo personal yo lo desactivo.

Saludos

Juan Yépez
093681879

Saludos

Juan Yépez
0993681879
Dj - Discomovil Quito

Hola

Hola jcyepez

Me interesaria saber como lo deshabilitas, pues yo comento las linias de los perfiles, pero lo unico que consigo es que me los cree en el home.

Gracias

Si quieres usar la

Imagen de deathUser

Si quieres usar la funcionalidad de perfiles móviles, revisa los permisos del directorio donde se guardan los perfiles, trata de crear un archivo cualquiera como un usuario con los que tienes problemas al loguearte, seguramente te fakta permiso de búsqueda en parte del path ...

bye
:)

Samba perfil movil

Imagen de marcelosilva

Yo tengo el mismo problema con los perfiles moviles, ya he cambiado toda la configuracion en el smb.conf y el windows xp me saca el error que no puede encontrar el perfil en el servidor.

En mi caso tengo configurado samba+ldap aqui les pongo la configuración por si alguien sabe algo mas:


workgroup = senami
server string = Samba Server Version %v
netbios name = senami
enable privileges = yes
interfaces = lo,eth0
hosts allow = 192.168.10.
name resolve order = wins lmhosts host bcast
bind interfaces only = Yes
unix password sync = yes
os level = 33
preferred master = yes
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
security = user
guest ok = no
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
encrypt passwords = yes
password level = 20
null passwords = no
server signing = auto
profile acls = yes
nt acl support = yes
passdb backend = ldapsam:ldap://127.0.0.1
log level = 10
ldap ssl = off
ldap suffix = dc=senami1
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap admin dn = "cn=Manager,dc=senami1"
ldap delete dn = yes
ldap idmap suffix = ou=Idmap
map acl inherit = Yes
ldap passwd sync = Yes
idmap backend = ldap:ldap://127.0.0.1

logon home = \\%L\%U\profile
logon drive = H:
logon path = \\%N\profiles\%U
logon script = /home/samba/netlogon/logon.bat
passwd program = /usr/local/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*successfully*
add machine script = /usr/local/sbin/smbldap-useradd -w -d /dev/null -s /bin/false %u
add user script = /usr/local/sbin/smbldap-useradd -m %u
delete user script = /usr/local/sbin/smbldap-userdel %u
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
add group script = /usr/local/sbin/smbldap-groupadd %g
delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
domain logons = yes

dns proxy = no
load printers = yes
cups options = raw
[netlogon]
path = /home/samba/netlogon
guest ok = no
read only = yes
browseable = no

#carpetas home de los usuarios
[homes]
path = /home/samba/%U
comment = Carpetas Inicio
root preexec = /etc/samba/mk_sambadir "/home/samba/%U" "%U" "%g"
browseable = no
writeable = yes
valid users = %S
read only = no
guest ok = no
inherit permissions = yes

[profiles]
path = /home/samba/profiles
writeable = yes
#read only = no
browseable = no
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
create mask = 0600
directory mask = 0700
csc policy = disable
#profile acls support = yes
nt acl support = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

Saludos

Marcelo Silva

solucionado

Hola amigos, gracias a todos por su ayuda. He solucionado el problema del perfil movil tal como lo dijo jcyepez, gracias, he deshabilitado el netlogon y me funko a la perfeccion, los perfiles los crea en la siguiente ruta /home/usuario1/profiles lo crea solo, a continuacion se muestra el smb.conf y la linea que se ha desahabilitado es la linea Logon path:


#======================= Global Settings =====================================

[global]

# ----------------------- Netwrok Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
workgroup = PULGA
server string = Samba server en Linux CentOS

netbios name = servidor

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

# logs split per machine
log file = /var/log/samba/%m.log
# max 50KB per log file, then rotate
max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

security = user
passdb backend = tdbsam

# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *

; security = domain
; passdb backend = tdbsam
; realm = MY_REALM

; password server =

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
security = user
passdb backend = tdbsam

domain master = yes
domain logons = yes

# the login script name depends on the machine name
logon script = logon.bat
# the login script name depends on the unix user used
; logon script = %u.bat
; logon path = \\%L\Profiles\%u ESTA FUE LA LINEA QUE HE DESAHABILITADO PARA QUE FUNCIONE!
; logon drive = H:
; logon home = \\%L\%U

# disables profiles support by specifing an empty path
; logon path =

add user script = /usr/sbin/useradd "%u" -n -g users
add group script = /usr/sbin/groupadd "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
delete user script = /usr/sbin/userdel "%u"
delete user from group script = /usr/sbin/userdel "%u" "%g"; delete group script = /usr/sbin/groupdel "%g"

# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
local master = yes
os level = 64
preferred master = yes
domain master = yes
#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

wins support = yes
wins server = w.x.y.z
; wins proxy = yes

; dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

load printers = yes
cups options = raw

; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes

#============================ Share Definitions ==============================

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
write list = root
share modes = yes

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
path = /var/lib/samba/profiles
browseable = no
guest ok = yes
create mask = 0600
read only = no

# A publicly accessible directory, but read only, except for people in
# the "staff" group
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff

Saludos gracias, espero que le sirva a alguien esto.

dd

Para que sirve esto poner al

Imagen de Night_23

Para que sirve esto poner al inicio de tus carpetas compartidas, haber si me puedes decir es solo algo que no lo entiendo y me gustaria saber que es lo que hacen.

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no

Gracias

Pues era claramente una

Imagen de deathUser

Pues era claramente un problema de permisos, al comentar la línea lo único que hiciste es que los copie directamente en los home directorys de los usuarios y no te da el problema, ya que el directorio le pertenece al usuario y no vas a tener problemas de permisos, si lo que quieres es centralizar la ubiciación de los perfiles móviles, pues necesitas el logon path, si no, pues ya tienes la solución que querías ...

Para cualquier problema con samba, habilita el debug y mira que te dice en los mensajes de error (log) ...

bye
:)