I'm at a university. We have a campus-wide AD domain that we can use to authenticate our labs. I'm trying to set up a Linux server for mapping drives and folder redirection.
The Samba server is an ubuntu 16, 64bit, with minimal stuff installed (Samba, LAMP, OpenSSH) for testing.
Mapping the home directory works fine (I can use GPO to have it show up as a T: drive, for instance). But When I try folder redirection I get nothing.
- no files are created on the samba server.
- in the event log on the test PC I get "Completed Folder Redirection Processing in 500 milliseconds", EventID 7016.
The samba server is a domain member, not a controller. In fact I have very limited access to the domain controllers as those are run by the central IT of the university (I have access only to a part of our forest.)
Here are some of the relevant portions of my smb.conf
[global]
workgroup = OURDOMAINNAME
realm = OURDOMAINNAME.CA
netbios name = sambatest
security = DOMAIN
password server = *
[homes]
comment = Home Directories
browseable = no
read only = no
[profiles]
comment = Users profiles
path = /home/samba/profiles
read only = no
writable = yes
browseable = yes
create mask = 0600
directory mask = 0700
public = yes
store dos attributes = yes
I don't get why the homes part works but the profiles doesn't. Both involve authenticating the user to the server, don't they? (Yeah, not a samba guru here.)
I've tried many variations on file permissions and more and less options in the [profiles] bit up there.
Most of the documents that I've found online assume that your samba host is also a domain controller.
For the folder redirection GPO I have:
Setting: Basic - Redirect everyone's folder to the same location
Target Folder: Create a folder for each user under the root path
Root: \\myserver.ca\profiles
Any help would be greatly appreciated.
==============================
SOLVED. Sort of.
Still cannot get it to store data in the "profiles" directory. But my colleague figured out how to get it to redirect to the user's home directory.
1) On the samba server make the folders and make them owned by the user:
# sudo mkdir -p ~USER/Windows/Documents
# sudo chown -R USER:USER ~USER/Windows
# sudo chmod 700 ~USER/Windows
2) in the GPO, change it to point to the home directory:
- Go to the folder redirection area, and select the Documents folder, and the "Target" tab.
- Change Setting "Basic - redirect everyone's folder to the same location"
- Change Target Folder location to "Redirect to the following location"
- Change Root Path to "\sambahost.FQDN\%USERNAME%\WIndows\Documents"
- Note we tried using %LogonUser% but that did not work.
- Next open the Settings Tab
- UNCHECK the "grant the user exclusive rights to documents" box.
That's it. Back on the test workstation I could now logon and everything seems fine. (I did not need to run "gpupdate /force", but you might have to do that to get it to re-read the group policy) Then on the samba server I could verify that documents and items were appearing in the Users "Windows/Documents" directory.
Hope this helps someone else.
