Domain Server

Questions about using Windows AD service.
acateon
Getting the hang of things
Posts: 64
Joined: Mon Oct 15, 2007 2:18 am
Location: Sweden / Gothenburg

Re: Domain Server

Post by acateon »

Hi guys! Awesome feature you've discovered! I have a couple of problems though... I manage to join the domain and log in with the admin account, but the roaming profile doesn't seem to work. All the files on the desktop end up in C:\Users\TEMP. You were supposed to create some folders in share User/ntprofile and so forth. Does this also apply if you're running Vista, as I do in this case? If so, should I still have an ntprofile in the User folder or should it be something else? The guy who (can't remember his name right now) wrote the wonderful guide mentioned something about more subfolders in User or ntprofile according to Win 2000 and XP style directory, what did you/he mean?

Some help would be greatly appreciated, as both me and my beloved other half would have great use for this wonderful function! : )


"Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.

DETAIL - The system cannot find the file specified. "
http://www.xpl.se - Homepage project
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

I think I got the roaming profiles to work.

I put these lines into the global section:

Code: Select all

	logon path = \\%N\profiles
	Logon drive = P:
	logon home = \\%N\%U

and 2 additional shares into the smb.conf:

Code: Select all

[homes]
path = /share/HDA_DATA/User/%u
comment = Home Directories
read only = no
browseable = no

[Profiles]
path = /share/HDA_DATA/User/%u/ntprofile/%a
read only = no
create mask = 0600
directory mask = 0700
browsable = no

Then I made folders for the users:

Code: Select all

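    # Create the per-user profile folders; run on the NAS as admin
    for USER in user1 user2 user3
    do
      # -p creates missing parent folders and tolerates existing ones
      mkdir -p "/share/HDA_DATA/User/$USER/ntprofile"
      for WINDOWS in WinNT Win2K WinXP
      do
        mkdir -p "/share/HDA_DATA/User/$USER/ntprofile/$WINDOWS"
      done
      # Owner-only access, so no other user can open the profile
      chmod -R 700 "/share/HDA_DATA/User/$USER"
      chown -R "$USER" "/share/HDA_DATA/User/$USER"
    done

%u is a variable for the username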
%a is the variable for the type of windows:
WinNT
Win2K
WinXP
Win2K3

I don't know the names for Vista and Win2008.

If you don't use more Windows versions, you can remove the %a from the profile share:

Code: Select all

[Profiles]
path = /share/HDA_DATA/User/%u/ntprofile
read only = no
create mask = 0600
directory mask = 0700
browsable = no
_________________
Windows 7 32/64bit, German
TS-439 , 1x 512GB SSD/1x 512GB Samsung ; SAMBA as NT4 PDC, DHCP/DNS-Server
TS-431+, 1x 1TB WD green, 2x 3TB WD red , 1x 2TB Samsung
TS-220 , 2x 2TB Samsung, for Backup
acateon
Getting the hang of things
Posts: 64
Joined: Mon Oct 15, 2007 2:18 am
Location: Sweden / Gothenburg

Re: Domain Server

Post by acateon »

Well done! One question though:

    for USER in user1 user2 user3
    do
      mkdir /share/HDA_DATA/User/$USER/ntprofile
      for WINDOWS in WinNT Win2K WinXP
      do
        mkdir /share/HDA_DATA/User/$USER/ntprofile/$WINDOWS
      done
      chmod -R 700 /share/HDA_DATA/User/$USER
      chown -R $USER /share/HDA_DATA/User/$USER
    done

Am I supposed to just paste all that in Putty for example? Or should I actually create those folders manually? Sorry for being so stupid. ; )
http://www.xpl.se - Homepage project
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

Sure, you can create these folders manually,
you only have to change the permissions for the folder.

chmod -R 700 /share/HDA_DATA/User/user1
chown -R user1 /share/HDA_DATA/User/user1

Otherwise it could be accessed by another user.
acateon
Getting the hang of things
Posts: 64
Joined: Mon Oct 15, 2007 2:18 am
Location: Sweden / Gothenburg

Re: Domain Server

Post by acateon »

Okay. Seems to work, almost...
I manage to log in OK. The network drive maps just fine and Windows doesn't complain about the profile, but it still saves the profile in C:\User\TEMP.

Is Windows supposed to automatically create the subfolders in the mounted network drive? Nethood etc.
http://www.xpl.se - Homepage project
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

I think I made a mistake in the share definition.

Try this:

Code: Select all

[global]
   logon path = \\%N\profiles\%u
   Logon drive = P:
   logon home = \\%N\%U

[Profiles]
path = /share/HDA_DATA/Profiles
read only = no
create mask = 0600
directory mask = 0700
browsable = no

Inside the folder "/share/HDA_DATA/Profiles" are the user folders.

My mistake was: Windows searches for the user folder inside the share
and does not use the share folder directly as the user folder.
acateon
Getting the hang of things
Posts: 64
Joined: Mon Oct 15, 2007 2:18 am
Location: Sweden / Gothenburg

Re: Domain Server

Post by acateon »

That did it! Now it works perfectly! Thanks so, so much!

Realised that the roaming profile only works with the admin account. If I use any other account the roaming won't work. I can still log in okay though, and the appropriate folder maps fine.
Do I need to add those accounts somewhere?

Edit: Noticed that all users except admin can't write to the mapped network drive.
http://www.xpl.se - Homepage project
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

These are now the settings for my system shares:

Code: Select all

[Profiles]
path = /share/HDA_DATA/Profiles
comment = User Profiles
read only = no
create mask = 0600
directory mask = 0700
browsable = no
inherit owner = yes
profile acls = yes

[homes]
path = /share/HDA_DATA/User/%u
comment = Home Directories
read only = no
browseable = no

[Netlogon]
path = /share/HDA_DATA/Netlogon
comment = Network Logon Service
browsable = no
read only = yes
write list= admin

acateon
Getting the hang of things
Posts: 64
Joined: Mon Oct 15, 2007 2:18 am
Location: Sweden / Gothenburg

Re: Domain Server

Post by acateon »

Thanks for the update!

I found out what the problem was with only the admin roaming profile working.
I had to manually create the other users' profile folders and give them the correct user rights. After that it works perfectly. It takes quite a while to log in and log out though. But it's definitely worth it!
http://www.xpl.se - Homepage project
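
The layout this thread settles on (one folder per user inside /share/HDA_DATA/Profiles, owned by that user and closed to group and others) can be checked with a short script. This is an added example, not code from any poster; it assumes a `stat` that supports `-c` (GNU coreutils or a BusyBox build with format support) and that each profile folder is named exactly after its account.

```shell
#!/bin/sh
# Added example, not from the thread: audit roaming-profile folders.
# Layout assumed from the corrected smb.conf in the thread:
#   logon path = \\%N\profiles\%u   ->   $PROFILES_ROOT/<user>
PROFILES_ROOT="${PROFILES_ROOT:-/share/HDA_DATA/Profiles}"

# check_profile_dir USER: print one finding per problem, return 1 if any.
check_profile_dir() {
    user="$1"
    dir="$PROFILES_ROOT/$user"
    rc=0
    if [ ! -d "$dir" ]; then
        # In the thread, these folders had to be created by hand for non-admin users.
        echo "MISSING $dir"
        return 1
    fi
    owner=$(stat -c '%U' "$dir")   # assumes stat supports -c
    mode=$(stat -c '%a' "$dir")
    if [ "$owner" != "$user" ]; then
        echo "OWNER $dir is owned by $owner, expected $user"
        rc=1
    fi
    case "$mode" in
        *00) ;;   # no group/other bits set, e.g. 700
        *) echo "MODE $dir is $mode, group/other can access it"; rc=1 ;;
    esac
    return "$rc"
}

# audit_profiles USER...: check every listed account, return 1 on any finding.
audit_profiles() {
    failed=0
    for u in "$@"; do
        check_profile_dir "$u" || failed=1
    done
    return "$failed"
}

# Stand-alone use: sh audit_profiles.sh user1 user2 user3
if [ "$#" -gt 0 ]; then
    audit_profiles "$@"
fi
```

An `OWNER` or `MODE` finding is fixed with the `chown -R` and `chmod -R 700` commands given earlier in the thread.
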
ctxpl
New here
Posts: 2
Joined: Wed Jul 01, 2009 10:49 pm

Re: Domain Server

Post by ctxpl »

Hi

Can we create a tutorial "How to run a PDC on QNAP"?? :D

It's a very interesting topic.
ctxpl
New here
Posts: 2
Joined: Wed Jul 01, 2009 10:49 pm

Re: Domain Server

Post by ctxpl »

Hi

I have a problem.

My conf:

Code: Select all

[global]
workgroup = TOMEX-NET
security = USER
server string = Serwer plikow
	encrypt passwords = Yes
username level = 0
	map to guest = Bad User
null passwords = yes
	max log size = 10
	socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768
	os level = 32
	preferred master = Yes
	dns proxy = No
	config file = /etc/config/smb.conf
	smb passwd file=/etc/config/smbpasswd	
	username map = /etc/config/smbusers
	guest account = guest
	directory mask = 0777
	create mask = 0777
oplocks = yes
	locking = yes
	disable spoolss = yes
	load printers = no
dos charset = ASCII
display charset = UTF8
force directory security mode = 0000
	template shell = /bin/sh
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/
	delete veto files = yes
	map archive = yes
	map system = yes
	map hidden = yes
	map read only = yes

use sendfile = yes
case sensitive = auto
deadtime = 10
wins support = yes
time server = yes
client ntlmv2 auth = yes
default service = Public
domain logons = yes
domain master = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind cache time = 10
winbind enum users = yes
winbind enum groups = yes
Logon drive = P:
logon home = \%N\%U
logon script = login.cmd
logon path = \%N\profiles\%u
[Qmultimedia]
comment = System default share
path = /share/HDA_DATA/Qmultimedia
browsable = yes
public = yes
invalid users = guest
read list = @"everyone"
write list = admin
valid users = root,@"everyone",admin
inherit permissions = yes
[Qdownload]
comment = System default share
path = /share/HDA_DATA/Qdownload
browsable = yes
public = yes
invalid users = guest
read list = @"everyone"
write list = admin
valid users = root,@"everyone",admin
inherit permissions = yes
[Qrecordings]
comment = System default share
path = /share/HDA_DATA/Qrecordings
browsable = yes
public = yes
invalid users = guest
read list = @"everyone"
write list = admin
valid users = root,@"everyone",admin
inherit permissions = yes
[Qweb]
comment = System default share
path = /share/HDA_DATA/Qweb
browsable = yes
public = yes
invalid users = guest
read list = @"everyone"
write list = admin
valid users = root,@"everyone",admin
inherit permissions = yes
[Qusb]
comment = System default share
path = /share/HDA_DATA/Qusb
browsable = yes
public = yes
invalid users = guest
read list = @"everyone"
write list = admin
valid users = root,@"everyone",admin
inherit permissions = yes
[Public]
comment = System default share
path = /share/HDA_DATA/Public
browsable = yes
public = yes
invalid users = 
read list = 
write list = admin,@"everyone",guest,ela
valid users = root,admin,@"everyone",guest,ela
inherit permissions = yes
[Dokumenty]
comment = Dokumenty Ogolne
path = /share/HDA_DATA/Dokumenty
browsable = yes
public = yes
invalid users = guest
read list = 
write list = admin,ela
valid users = admin,ela
inherit permissions = yes
[netlogon]
comment = Network Logon Service
path = /share/HDA_DATA/Netlogon
guest ok = yes
browseable = no
[homes]
comment = Home Directories
path = /share/HDA_DATA/User/%u
read only = no
browseable = no
[profiles]
comment = User Profile
path = /share/HDA_DATA/Profiles/%a
read only = no
create mask = 0611
directory mask = 0711
browsable = no
profile acls = yes
[KOSZTORYSY]
comment = 
path = /share/HDA_DATA/KOSZTORYSY
browsable = yes
public = yes
invalid users = guest
read list = 
write list = admin,ela
valid users = admin,ela
inherit permissions = yes

I log in to TOMEX-NET (user test), the roaming profile is loaded, but if I create any file on the desktop, this file is not copied to the server (it's only on the PC where I logged in).

On the system, roaming profile is on.
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

Hi,
take a look at this, whether the desktop path is included there.
W4CHL
Starting out
Posts: 48
Joined: Wed May 13, 2009 3:52 am

Re: Ts-xxx as Primary Domain Controller

Post by W4CHL »

Last edited by W4CHL on Wed Sep 09, 2009 10:04 pm, edited 1 time in total.
---------------------------------------
M R Smith, @W4CHL, @C3HTech
TS-220, HS-210, TS-453mini, retired TS-209 Pro II & TS-109
Tonido plug + Mediasonic RAID5 array, Pogoplugs + various dual drive arrays
All serving audio + photo enhanced video post-production of church services
W4CHL
Starting out
Posts: 48
Joined: Wed May 13, 2009 3:52 am

Re: Domain Server

Post by W4CHL »

For those of us running a small (less than 10 PC, 5 with users) church environment, a PDC setup tutorial would be wonderful. I follow most of the thread above, except that I've never set up a PDC. This will be for testing on a TS-109 and at the church on a TS-209 Turbo (not a version with AD supported).

Thanks, Mark
http://c3huu.org
motionblurrr
Starting out
Posts: 20
Joined: Sat Dec 22, 2007 2:59 pm

Re: Domain Server

Post by motionblurrr »

Eraser-EMC2-,

I have two questions for you as you seem to be the resident expert! I have my TS-109 Pro setup as a Samba PDC. I've got two issues I'm running into right now:

1) I seem to have to recreate the group mappings upon every restart of samba. Did you get around this by just placing the commands to do the mapping in a script that you run after it restarts? Mostly I just want to confirm that you have to do this... I just want to make sure my group mappings aren't disappearing because I didn't do something correctly.

2) How do you manage permissions to your shares now? Do you have to do it via the smb.conf file for each share? Does your Web UI no longer allow you to change access?

Thanks!