Fürs XP:
Nun müssen auch noch einpaar Sachen beim XP gechanged werden... Und dass noch vor dem „In Domain einbinden“:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
Und auch noch über den gpedit.msc als lokaler Administrator:
„Do not check for user ownership of Roaming Profile Folders“
Und was noch sein kann.. Ich musste die lokalen profile löschen und die auf dem server auch.. Nachdem ich meinen Server neu aufgesetzt hatte, scheint sich die ID geändert zu haben und XP wollte die Profile nicht anfassen. Erst als ich alle mal kurz anderwo verschoben habe(Server und beim Client), hat der keks neue profile angelegt und alles ging.. Versuch mal erstmal ohne /%u/%m, sondern erstmal nur mit /%u.
Fürs Samba.. Hast du die map sachen per swat jeweils auf no gesetzt.. Ich hab noch was vergessen und zwar:
store dos attributes = yes
Ansonsten hast du auch 'ne kopie von meiner smb.conf.. Riesengross aber mit allen einstellungen.. Die LDAP Einstellungen kann du ja für dich rausnehmen.. Die @'Domain Users' kannst du entweder ersetzen mit @users oder trägst deinen user an. Das @ gibt nur an, dass es sich um eine Gruppe handelt..
Code:
Samba config file created using SWAT
# from 10.0.0.139 (10.0.0.139)
# Date: 2004/07/19 16:33:30
# Global parameters
[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = BERLIN-HOME
realm =
netbios name = LINUX2
netbios aliases =
netbios scope =
server string = Samba Server %v
interfaces = bond0
bind interfaces only = Yes
security = USER
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = No
server schannel = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Bad User
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /etc/samba/smbpasswd
private dir = /etc/samba
passdb backend = ldapsam:ldap://10.0.0.140/
algorithmic rid base = 1000
root directory =
guest account = nobody
pam password change = No
passwd program = /usr/local/sbin/smbldap-passwd %u
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
preload modules =
log level = 10
syslog = 1
syslog only = No
log file =
max log size = 5000
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
smb ports = 445 139 137
protocol = NT1
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
disable netbios = No
acl compatibility =
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = Yes
use spnego = Yes
client signing = auto
server signing = No
client use spnego = Yes
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
kernel change notify = Yes
lpq cache time = 10
max smbd processes = 0
paranoid server security = Yes
max disk size = 0
max open files = 10000
socket options = TCP_NODELAY
use mmap = Yes
hostname lookups = No
name cache timeout = 660
load printers = Yes
printcap cache time = 750
printcap name = cups
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
mangling method = hash2
mangle prefix = 1
stat cache = Yes
machine password timeout = 604800
add user script = /usr/local/sbin/smbldap-useradd -m %u
delete user script =
add group script = /usr/local/sbin/smbldap-groupadd -p %g
delete group script =
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
add machine script = add machine script = /usr/local/sbin/smbldap-useradd -w %u
shutdown script =
abort shutdown script =
logon script =
logon path = \\linux2\profiles\%U
logon drive = X:
logon home = \\%L\%U\.9xprofile
domain logons = Yes
os level = 65
lm announce = Auto
lm interval = 60
preferred master = Yes
local master = Yes
domain master = Yes
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = Yes
wins server = erfcl20001-w98:10.0.0.180, erfcl20001-xpp:10.0.0.143
wins support = Yes
wins hook =
wins partners =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
ldap suffix = dc=berlin-home,dc=local
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix =
ldap filter = (uid=%u)
ldap admin dn = cn=Manager,dc=berlin-home,dc=local
ldap ssl = no
ldap passwd sync = no
ldap delete dn = Yes
ldap replication sleep = 1000
add share command =
change share command =
delete share command =
config file =
preload =
lock directory = /var/lib/samba
pid directory = /var/run/samba
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
get quota command =
set quota command =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
afs username map =
time offset = 0
NIS homedir = No
panic action =
host msdfs = No
enable rid algorithm = Yes
idmap backend =
idmap uid =
idmap gid =
template primary group = nobody
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enable local accounts = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = No
comment =
path =
username =
invalid users =
valid users = nobody, '@Domain Users', '@Domain Admins'
admin users =
read list =
write list =
printer admin = @ntadmin, root, administrator
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
ea support = No
nt acl support = Yes
profile acls = No
map acl inherit = No
afs share = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
max reported print jobs = 0
max print jobs = 1000
printable = No
printing = cups
cups options = raw
print command =
lpq command =
lprm command =
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = No
mangled names = Yes
mangled map =
store dos attributes = Yes
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Yes
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs objects =
msdfs root = No
msdfs proxy =
[homes]
comment = Home Directories
path = /home/%U
valid users = %U
[profiles]
comment = Network Profiles Service
path = /home/samba/profiles
valid users = %U, '@Domain Admins'
force user = %U
read only = No
create mask = 0600
directory mask = 0700
profile acls = Yes
csc policy = disable
[netlogon]
path = /home/samba/netlogon
write list = ntadmin
[users]
comment = All users
path = /home
read only = No
inherit permissions = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit permissions = Yes
[pdf]
comment = PDF creator
path = /var/tmp
create mask = 0600
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775
[ldap]
path = /home/ldap
read only = No
[test]
comment = TestDirectory
path = /home/test
valid users = '@Domain Users'
write list = '@Domain Users'
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0666
hide dot files = No
Lesezeichen