RHEL 6.5 problem with Samba variables in 'smb.conf' - variables are not being honored or respected or translated to its value

Latest response

Hi,
got a strange problem - some (not all) variables used in samba config file 'smb.conf' are not translated to its values and are used as a string (or let's say text value).

[code]
samba.x86_64 3.6.9-164.el6
samba-client.x86_64 3.6.9-164.el6
samba-common.x86_64 3.6.9-164.el6
samba-winbind.x86_64 3.6.9-164.el6
samba-winbind-clients.x86_64 3.6.9-164.el6
samba4-libs.x86_64 4.0.0-58.el6.rc4
[/code]

for example, part in 'smb.conf' specifying netlogon scripts and user profiles location:

[code]
logon script = netlogon.bat
logon home = \%L\home\%U
logon path = \%L\profiles\%a
logon drive = H:

[netlogon]
path = /etc/samba/scripts/%g

[profiles]
path = /home/%U/windows_directory
[/code]

The "%L" should translate to server's NetBIOS name but it does not, resulting in not mapped user homes and profiles.
After i replace the "%L" with netbios server name it works (i have the netbios name specified in smb.conf ofc).

Also the "%a" does not work.
It creates (in my case) folder "%a.V2" (whole path /home/username/windows_directory/%a.V2) where expected behaviour would be eg. 'Vista.V2', referring to architecture of the client.

On the other hand the "%g" variable translates ok to user primary group with no problem.

Anyone has seen this? Tried to search it on Inet but not much turned out, except ppl having similar problems on Samba 4 where some variable names has been changed, but this is Samba 3 ... has there some variables been changed too?

Thanks!

ka
Log in to join the conversation

Responses

PS Guru 6494 points
20 August 2014 10:58 PM

My immediate thought would be that the variables with issues are preceded by a backslash '\' and it is being interpreted as an escape for the '%' (although the documentation example suggests whats you already have), but if %U works when you replace %L with the server name it would suggest this isn't the issue.

Have you attempted to use %N in place of %L?, documentation states they should behave the same if Samba wasn't built with autmount, but it may narrow down if it is specifically an issue with the %L variable.

logon home = \\%N\%U

Same goes for %a, have you tried substituting it with something else you know works for testing, eg. '%U' to narrow down if it is a specific issue with %a, or variables in general?

-edit-
Just noticed you are missing the leading '\\' before the server designation (not sure if this was stripped by the discussion forum, but guessing it was).

ka Active Contributor 246 points
21 August 2014 11:30 AM

Hi,
thanks for comment and advice! :]
Solved it. The problem was not actually in 'smb.conf' but in 'smbldap.conf' and in 'smbldap-useradd' script.

It is bug most probably in the 'smbldap-tools' package.
problem:
1. 'smbldap-useradd' pulls info from 'smbldap.conf with higher priority than from 'smb.conf'
2. if i specified samba variables to 'smbldap.conf' it was not translated to value upon user creation

so if i specified samba 'logon path' (and others) with variables like "%L" and "%a" etc to 'smbldap.conf' those variables (like "%L" and "%a") were not translated upon user creation and then were used as text string -as seen in example below

'smbldap.conf' (snipped):
userSmbHome="\%L\home\%U"
userProfile="\%L\profiles\%a"

example of user with badly specified vaues (pdbedit -Lv):
Unix username: frapadlo
NT username: frapadlo
Account Flags: [U ]
User SID: S-1-5-21-227204714-1302568183-3697768885-3012
Primary Group SID: S-1-5-21-227204714-1302568183-3697768885-100
Full Name: Franta Padlo
Home Directory: \%L\home\frapadlo
HomeDir Drive: H:
Logon Script: netlogon.bat
Profile Path: \%L\profiles\%a
Domain: DIRSRVGRP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 04:14:07 CET
Kickoff time: Tue, 19 Jan 2038 04:14:07 CET
Password last set: Wed, 20 Aug 2014 16:57:41 CEST
Password can change: Wed, 20 Aug 2014 16:57:41 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Those informations from user attributes are pulled then as text string, leading to not translation to its values -> fail in mapping user directory etc.

After i disabled those variables in the 'smbldap.conf' the 'smbldap-useradd' script had to pull those informations from 'smb.conf' and this time it translated those variables to values successfully resultin in properly created users like eg:

init_sam_from_ldap: Entry found for user: honpadlo

Unix username: honpadlo
NT username: honpadlo
Account Flags: [U ]
User SID: S-1-5-21-227204714-1302568183-3697768885-3018
Primary Group SID: S-1-5-21-227204714-1302568183-3697768885-100
Full Name: Honza Padlo
Home Directory: \dirsrv2\home\honpadlo
HomeDir Drive: H:
Logon Script: netlogon.bat
Profile Path: \dirsrv2\profiles\UNKNOWN
Domain: DIRSRVGRP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 04:14:07 CET
Kickoff time: Tue, 19 Jan 2038 04:14:07 CET
Password last set: Thu, 21 Aug 2014 13:05:03 CEST
Password can change: Thu, 21 Aug 2014 13:05:03 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Note the "UNKNOWN" for "%a" variable (architecture) of client that is not known (of course) at the time of user creation.
This is properly created user with all paths variables translated and set.

Problem identified (most probably) in the 'smbldap-useradd' script - which is not RH problem. But i posted anyway, because some might find it of value.

Thanks!

David Powles's picture Red Hat 25369 points
21 August 2014 1:58 PM

Glad you got it resolved, Karel. Thanks for following up with the solution.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.