# samba pdc - about to throw it out the window!!!!!!

## FizzyWidget

I have the PDC set up, as Windows 7 is now saying it's part of a domain, but for the life of me I cannot get it to make the profiles. On the Windows 7 machine it shows it as using a local profile; the roaming option is greyed out.

/etc/samba/smb.conf

```
[global]
netbios name  = Aramaki
workgroup     = PSS9
server string = PDC [on Gentoo :: Samba server %v]
printcap name = cups
printing = cups
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth0
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.1.0/24
hosts deny = 0.0.0.0/0
security = user       <-------- also tried it as domain
guest ok = no
invalid users = bin deamon sys man postfix mail ftp
encrypt passwords = yes
local master     = yes
os level         = 65
domain master    = yes
preferred master = yes
null passwords  = no
hide unreadable = yes
hide dot files  = yes
client ntlmv2 auth = yes
wins support = yes
wins proxy = no
lanman auth = yes
ntlm auth = yes
domain logons = yes
logon script  = logon.bat
logon path    = \\%L\profiles\%U\%a
logon drive   = H:
logon home    = \\%L\&U\.9xprofile
wins support       = yes
name resolve order = wins lmhosts host bcast
dns proxy          = no
passdb backend = tdbsam
add user script          = /usr/sbin/useradd -m %u
delete user script       = /usr/sbin/userdel -r %u
add group script         = /usr/sbin/groupadd %g
delete group script      = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script      = /usr/sbin/useradd -d /dev/null -g 'machines' -c 'Machine Account' -s /bin/false '%u'
passwd program           = /usr/bin/passwd %u
passwd chat              = "*New password:*" %n\r "*New password (again):*" %n\r "*Password changed*"

[netlogon]
  path       = /var/lib/samba/netlogon
  guest ok   = no
  read only  = yes
  browseable = no

[profiles]
  path = /var/lib/samba/profiles
  browseable = no
  profile acls = yes
  writeable = yes
  default case = lower
  preserve case = no
  short preserve case = no
  case sensitive = no
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
  write list = @users @ntadmins
  valid users = "@Domain Admins" "@Domain Users" "@Domain Guests" "@smbusers"
  create mask = 0600
  directory mask = 0700
  csc policy = disable
  nt acl support = yes
  profile acls = yes

[homes]
  path                = /home/%U
  browseable          = no
  valid users         = %S
  read only           = no
  guest ok            = no
  inherit permissions = yes
```

/var/lib/samba/netlogon/logon.bat

```
echo Setting Current Time...
net time \\Aramaki /set /yes
echo Mapping Network Drives to Domain network server...
net use H: /HOME
net use X: \\Aramaki\public
net use Y: \\Aramaki\audio
net use Z: \\Aramaki\video
```

Only error I can see is in log.major

```
[2011/10/10 19:53:41.645547,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client MAJOR machine account MAJOR$
```

I have added a user account and machine account with trust to Samba and added a machines group, and yet still the /var/lib/samba/profiles directory is empty. I even made a folder with my name in there and chown'd it to dfoo.users - still empty, even Windows 7 is saying it is using a local profile and not a roaming one.

Is there something I have missed? I know Samba can't do Active Directory till at least v4, but from all I have been reading it should be able to do profiles.

So close to throwing the whole box out the window.

----------
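A small lint pass over the kind of smb.conf posted above, as an added example that is not part of the original post or of Samba: it flags repeated parameters, a trailing note that smbd would read as part of the value, a `&` where only `%` variables are substituted, and `lanman auth = yes`. The function name `lint_smb_conf` and the sample excerpt are constructed here for illustration.

```python
import re

# Constructed excerpt: lines copied from the smb.conf posted above.
SAMPLE = r"""
[global]
security = user       <-------- also tried it as domain
wins support = yes
lanman auth = yes
logon path    = \\%L\profiles\%U\%a
logon home    = \\%L\&U\.9xprofile
wins support       = yes
[profiles]
  profile acls = yes
  writeable = yes
  profile acls = yes
"""

WEAK_AUTH = {"lanman auth"}  # "yes" lets smbd accept LANMAN responses

def lint_smb_conf(text):
    """Return (line_no, section, key, issue) tuples for an smb.conf text."""
    findings, seen, section = [], {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or whole-line comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        key = " ".join(key.lower().split())   # names ignore case and spacing
        if (section, key) in seen:
            findings.append((no, section, key,
                             f"duplicate of line {seen[(section, key)]}"))
        seen[(section, key)] = no
        # smb.conf has no trailing comments: the note becomes part of the value
        if re.search(r"\s(<-|#|;)", value):
            findings.append((no, section, key, "trailing note is read as value"))
        # only %-prefixed tokens are substituted; "&U" stays a literal folder
        if key.startswith("logon ") and re.search(r"\\&[A-Za-z]", value):
            findings.append((no, section, key, "'&' token is not substituted"))
        if key in WEAK_AUTH and value.lower() in ("yes", "true", "1"):
            findings.append((no, section, key, "weak authentication enabled"))
    return findings

if __name__ == "__main__":
    for finding in lint_smb_conf(SAMPLE):
        print(finding)
```
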

## FizzyWidget

Come on... someone must know... it's either getting this to work or using Windows, which I don't want to do, but if I have to

----------

## baaann

I really have no idea, but the following taken from the elog may be relevant? 

*Quote:*

> An EXPERIMENTAL implementation of the SMB2 protocol has been added.
> SMB2 can be enabled by setting 'max protocol = smb2'. SMB2 is a new
> implementation of the SMB protocol used by Windows Vista and higher

----------

## FizzyWidget

Tried that; after restarting Samba I can't connect to the Linux box, says network path not found

edit: after dropping in Samba 3.6.0 - smb2 option is working ok

----------

## Jarli

I know the topic is old, but if it helps. 

This is what I have to do for Windows 2000 and Windows 7 computers.

***For Windows 2000 and 7 I have to first create the account in phpldapadmin, with its computer name and IP, and then delete the record, then I can get the computer to join. Small but a bit irritating.***

Then I have to apply these following registry keys, regardless of the OS, 2000, XP, and 7. 

[HKLM\System\CCS\Services\Netlogon\Parameters]

Set “RequireSignOrSeal” to 0

Set “RequireStrongKey” to 1

[HKLM\System\CCS\Services\LanManWorkstation\Parameters]

"DNSNameResolutionRequired"=dword:00000000

"DomainCompatibilityMode"=dword:00000001

[HKLM\Software\Policies\Microsoft\Windows\System]

"SlowLinkDetectEnabled"=dword:00000000

"DeleteRoamingCache"=dword:00000001

"WaitForNetwork"=dword:00000000

"CompatibleRUPSecurity"=dword:00000001

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=dword:00000000

----------

