Server :: Active Directory Roaming Profiles On Ubuntu External HDD?
Nov 4, 2009
I have a Ubuntu 9.10 desktop, with an external HD shared via Samba, with some users and folders on it. I have another computer on the network running Winblows Server 03', handling Active Directory (that I am still setting up and testing before any serious implementation.) I've been testing GPOs I am building on an XP SP3 virtual machine that is running off my Ubuntu desktop as well, that I joined to the AD domain.
However, the Domain Controller doesn't have a very big hard drive, and I'd like to take advantage of having 930GB free on this external hard drive for roaming user profiles, especially since I back up all of the drive contents every week. This would simplify a lot for me. What would you recommend is the best way to go about setting this up with my Samba configuration? I have a feeling /media/Slave/UserProfiles permissions will get somewhat complex.
I have around 12 users, with their profiles present on a Windows 2003 Active Directory and I would like to migrate to an open source free alternative. Could you recommend any alternative that supports the migration of user files from Active Directory?
On all of my XP clients, no matter what the username is, I am continuously getting the error saying that the profile cannot be found. I just built this domain recently and since day 1 the roaming profiles have not worked.
I'm trying to set up a Samba PDC and login to it from Vista, and everything is fine except that the login script is not getting run at all. I don't want roaming profiles, I just want a script to map the samba users drive and a couple of other network shares. Pasting smb.conf at end of post. The logon script is in the netlogon directory and I'm pretty sure all the permissions are OK. /home/samba/netlogon/logon.cmd This is a Windows file. Vista logs in OK as the domain user, just no script!
Code:
[global]
; General server settings
netbios name = TILVERTON
server string = %h server (Samba, Ubuntu)
I want to create an extra Ubuntu Server for storing roaming profiles,
I got: One Win2k8 server as Domain controller. One Ubuntu 9.10 server that is a member of the domain using Samba. Winbind is working correctly. I can at least connect to shares with user names of the AD. Anyway my client (WinXP) currently logs on to the AD and works from there. I want to configure it so that all accounts are going to use roaming profiles, but here it comes... I want to store the roaming profiles on the extra Ubuntu server.
I've been thinking about setting up roaming profiles so that I can access my profile and settings from any computer in the house that has ubuntu booting on it. One thing that concerns me is, what happens if I log in using my profile from more than one computer at the same time? A couple examples:
1. I'm working on something on one pc, and go downstairs. A little while later I fire up a laptop down there and want to browse the web. What would happen?
2. I am logged in to my desktop, but let it go to standby. I later log on to a different pc on the network and load the same profile that was logged in (but in standby). What happens to the state of the profile when the desktop wakes up again?
I'd like to set up a Ubuntu server with windows clients running roaming profiles. I know this is possible but do not know how to set it up. Does anyone know of a guide or anything that can explain this?
I'm trying to set up roaming profiles on our Samba PDC. I've been at it all day, running into a lot of issues with access denied, and going around changing permissions hoping to fix it.
The problem seems to have evolved over the day, getting worse. Right now it's an error message on logging in: Windows cannot locate the server copy of your roaming profile.....
DETAIL- The network name cannot be found. In addition, the user does not have access to any shares by default.
The server can be accessed manually and the user can connect to shares. The server can be pinged by the client. The client's user profiles do not get stored or retrieved on logout/in.
current smb.conf
# Samba config file created using SWAT
# from UNKNOWN ()
# Date: 2010/08/22 16:34:42
[global]
workgroup = ROSHNI.LOCAL
I've been at this for hours now and am still not getting it to work. I recently installed Squeeze on my home server, overwriting a Lenny installation. I've been able to add my NT domain accounts back in and pdbedit shows the expected values - e.g.:
root@whenim64:/home/samba/profiles# pdbedit -Lv garydale
Unix username: garydale
NT username:
Account Flags: [U ]
User SID: S-1-5-21-832165970-4128531365-4003982369-1002
Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
Full Name: Gary Dale
[Code].....
However, although I can log on, I can't get the roaming profiles working. I get the "windows cannot locate the server copy of your roaming profile" message. Since my Unix account names/numbers are the same and the profiles are in the previously working /home folder that didn't get touched, I can't see how it's a permissions problem. Nonetheless, I removed an old profile which should have let Windows create a new one. It didn't. I still got the same error. I did have to reinstate the groupmaps (don't know why the samba install doesn't do this) but they seem OK.
I was successfully using Samba + Fedora Directory Server in Fedora 10 as a primary domain controller for my home network (achieved mostly by following barry905's instructions here: [url]).
After upgrading to Fedora 11, some of the PDC functionality no longer worked.
For example, when I ran 'pdbedit -Lv', I got:
Code:
I was able to fix this by adding to the [global] section in /etc/samba/smb.conf:
Code:
I also found that I could no longer join an XP computer to the domain. I discovered that for some reason, the samba administrator password had been cleared. After running:
Code:
That was fixed.
The last problem, which I have still not fixed, is that roaming profiles no longer work. When I try to do a domain login as user 'htpc' from an XP machine, I get the following message in XP:
Everything works fine in doing this, however every time a user logs into the Windows Citrix Session the roaming profile created on the linux samba share creates their Windows Profile with 755 perms. I understand that the default umask is (globally on my RHEL host is 022 ??) but in my smb.conf file the definition that is defined for the directory is set to a create mask of 0700. What is going on?
Which package do I need to install AD for Linux Ubuntu Server 9.10? Could you help explain to me, with an example, which package I need to install on the server and which package I need to install on the client?
I need to install FTP Server in CentOS and it has to integrate with Windows 2003 Active Directory. Users should use their Active directory Credentials to upload or download files in FTP Server.
I have AD DS installed on Windows Server 2008 R2. Also, I've got SLES 10.3 as NFSv4 server, which will allow remote users to mount their /home partitions. What I need is NFSv4 w/Kerberos. As AD server already has integrated Kerberos server, I need SLES to authenticate in it. Everything works good, but when it comes to svcgssd service activation, I receive an error. Here's the log:
/usr/sbin/rpc.svcgssd -f ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - No principal in keytab matches desired name
I would like to set up some kind of Windows user manager in an Ubuntu server. The Windows network is already set up. I've scoured the net for hours and found nothing.
I am trying out a few things with Linux and Windows. I have a 'Postfix' mail server on CentOS 5.5 with 'dovecot' and 'squirrel' (webmail) working fine. I am just wondering, how can I create bulk mailboxes on CentOS 5.5 (for postscript) so that the users can access their mail from the browser (squirrel mail)?
How can I integrate with Active Directory? I am also looking for techniques to automatically create bulk users (for example 100 users) on Active Directory with default passwords (or random passwords if possible) that integrate with Postfix.
I would prefer to use a Linux server for authentication but I will need the same configuration features. I have been looking for a good guide to setting up CentOS as an alternative to Active Directory, but have not found one yet. The features I want to see:
1. works with Windows clients.
2. Network Home folders (does not necessarily need to hold profile information)
3. Logon scripts for clients.
4. shared printers
5. shared folders.
6. can log linux boxes in with the same credentials and logon scripts.
Okay, so we have multiple servers running CentOS and multiple people who need access to these machines for various tasks. I would like to be able to use the credentials from Active Directory (running on Server 2008) to give them access to these servers without having to go through each server and add these people into permission groups. Basically a single sign-on for all of these servers depending upon what permissions were granted in Active Directory. How do I go about doing this?
(This was posted at the end of another thread, where it probably didn't belong, so reposting here) I have Active Directory set up on one machine (and I can't really adjust the settings very much) and Ubuntu Server 10.04, which I would like to use as a client. I followed the directions at https://help.ubuntu.com/community/LD...Authentication, but when I get to
Code:
getent passwd
I don't see anything from the LDAP, and ssh'ing into the box from an LDAP/AD username certainly doesn't work.
In addition, I've attempted to use Webmin's LDAP Configuration module to configure it. I can connect to the server and can browse it with the LDAP browser with my settings, but the Webmin package doesn't recognize the users (which are organized in one of four Organizational Units (OUs) within the OU that I have as my Search Base) as users,
I want to create a shared folder in an Ubuntu system but I want to know if I can get access to some users of my domain active directory Windows 2003 server? If I can, I would give that security in some of the subfolders of that shared folder as explained in the example:
EXAMPLE:
Backups (all have access and it's shared)
Mail of Charles (Can only have access Charles that have an account on domain)
Mail of John (Can only have access John)
I have a squid server currently running with basic authentication. This is a must because we constantly have different people using different machines but the rules must be set per user, not per machine.
We also have a lot of users coming and going. So every time a new user comes to the office I have to manually create a user for him so he can authenticate.
Anyway.. We do not have any windows servers so no Active Directory. But I need some solution to pass the windows login to Squid.
First question: It seems I am using NTLM currently for samba as the person can map their home directories on their Windows box without authenticating. Why can I not use it for squid?
Second question: Can I make my Centos server into an AD server?
I was working to integrate Centos 5 and AD 2003 R2, this is my set up Windows side:
1. Install Identity Management for Unix, (Windows R2 already includes the Unix attribute not entirely necessary to install IMU, but it makes easier to configure the attributes from ADUC, when IMU is installed the Unix attributes TAB is shown in the user properties)
2. Configure the Unix attributes for every user account that will be authenticating from centos.
3. Create a user account to be used as a proxy for ldap, a regular user would be enough. Password never expires.
4. Create a computer account for every centos host; assign this computer account as pre-windows 2000 account.
5. Assign a value of 4128 to the user account control property for the computer account.
When I try to join my Ubuntu server to Microsoft Active Directory domain, I get the error message below.
Kinit failed: Clock skew too great
Failed to join domain: Time difference at domain controller
I know the reason is because of the time difference between my domain controller and the Ubuntu server. But what I want to know is: is it possible to join a domain without time synchronisation? Because my domain controller is working for another time zone, for another country, so I cannot synchronise it with my Ubuntu server.
We have a small group of linux servers, currently with local logins. I want to eliminate the local logins and authenticate against the corporate AD. I've been looking at PAM - but winbind requires each machine to be added to the AD. This becomes a pain if we create new virtual or physical servers. Is it possible to have one server authenticate directly with AD, and the other servers authenticate against this server, which defers to the one server that is registered in AD?
I'm trying to get our linux servers to use Active Directory (AD), and have gotten our linux (RHEL 5) server to fetch users and groups from AD. Now I'd like to add computers (and groups of computers) to AD, and have our linux boxes make use of this info. Does anyone know how to get our linux-boxes to understand computers and computer group objects on AD?