[Samba] Need help getting roaming profiles to work

Adam Williams awilliam at mdah.state.ms.us
Sat Mar 29 23:23:58 GMT 2008 

what is the permissions on /data/profiles?  is it owned by root.root and 
set to 1777?

also in the [global] section add:

logon drive = R:
logon home = \\%N\%U

change the shares to:

[homes]
        comment = Home Directories
        writeable = Yes
        browseable = No
        hide dot files = yes
        public = no
        valid users = %S
        create mask = 0700
        force create mode = 0700
        directory mask = 0700
        force directory mode = 0700

[netlogon]
        path = /home/netlogon
        read only = yes
        guest ok = no
        browseable = no
        admin users = tech

[profiles]
        path = /data/profiles
        writeable = yes
        create mask = 0700
        directory mask = 0700
        browseable = no
        guest ok = no


web stuff wrote:
> Hi!
> First, let me apologize for the length of this message. I wanted to
> include as much relevant info as I could and it got a bit lengthy.
>
> For reasons that I won't bother to detail here, I ended up
> volunteering to upgrade the server at my kids school. It's a small
> private school with an all-volunteer tech support staff (me!). We
> currently have about 40 computers serving about 150 people. The
> server's primary function is a file server/domain controller, but we
> also use it to serve up the school website. If I can get things
> working properly, we would also like to use it as a proxy server.
>
> The server was running Red Hat 9 with Samba 3.0.10. After a bit of
> research, I decided to use Ubuntu Server 7.10 along with the latest
> Samba package available with the distro (3.0.26a) I am a total rookie
> when it comes to Linux/Samba, so I set up a test system at home to
> learn how to make it all work. After a couple weeks of
> reading/trying/testing, I felt like I had a good enough understanding
> to try the upgrade on the school server. Well, I've been able to get
> it about 98% correct, but the last little bit is driving me nuts!
>
> The problem I'm having is that I can't get the Windows roaming
> profiles to be saved to the server. I have been searching the net and
> reading everything I can find related to this problem, but everything
> I have tried only seems to make things worse.
>
> The server is set up as a PDC and users can log in just fine. They can
> access all the shares I set up just fine. They can read/write to their
> home share just fine. I've even proven that they can read/write to the
> location where I want the profiles stored (I've even tried having the
> system store their profiles in their home directory). When they log in
> and the Windows OS creates a new profile for them, they can modify the
> profile in all the normal ways just fine. When they log out, the
> server does not save that profile.
>
> I realize that roaming profiles aren't necessarily the best way to
> operate a , but for now I feel it's the best way for the school
> to operate. When I learn more about how to work with Samba and Windows
> profiles, I might change that.
>
> Some of the settings were carried over from the previous setup because
> I was worried about breaking the web server functionality. I'm still
> learning about all this and I'm not sure which things I can change and
> which I can't.
>
> Thanks for any help you can provide!
> Bob Bolhuis
>
> Some info about the machines/logins:
> Server name = bcs_linebacker  (Is the "_" character in the server name
> a problem? I've seen references to that being an illegal character.)
> Machine used for login testing = lab06
> Login used to create the log files below = tech
> Domain name = BC_SCHOOL
>
> Configuration settings generated by using testparm:
>
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
> [global]
>  workgroup = BC_SCHOOL
>  server string = BCS Server
>  passdb backend = tdbsam
>  passwd program = /usr/bin/passwd %u
>  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n
> *passwd:*password\supdated\ssuccessfully* .
>  unix password sync = Yes
>  log file = /var/log/samba/log.%m
>  max log size = 1000
>  socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
>  add machine script = /usr/sbin/useradd -d /samba-clients -g
> samba-clients -s /bin/false %u
>  logon script = map_network_drives.bat
>  logon path = \\%L\profiles\%U
>  domain logons = Yes
>  os level = 65
>  preferred master = Yes
>  domain master = Yes
>  dns proxy = No
>  idmap uid = 15000-20000
>  idmap gid = 15000-20000
>  admin users = @root, @ntadmin, @tech, tech
>  hosts allow = 192.168.110.
>  profile acls = Yes
>
> [netlogon]
>  path = /home/netlogon
>  admin users = tech
>  read only = No
>  guest ok = Yes
>  browseable = No
>
> [profiles]
>  path = /data/profiles
>  read only = No
>  create mask = 0600
>  directory mask = 0700
>  hide files = /desktop.ini/outlook*.lnk/*Briefcase*
>  store dos attributes = Yes
>  browseable = No
>
> [homes]
>  read only = No
>  browseable = No
>
>
> Below are various log files, some of which may be irrelevant, but I
> don't know enough about the inner workings to know which of these have
> significance.
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> log.lab06:
>
> [2008/03/27 22:27:18, 1] smbd/service.c:make_connection_snum(1033)
>  lab06 (192.168.110.220) connect to service pc06 initially as user
> tech (uid=0, gid=527) (pid 5347)
>
>
> [2008/03/27 22:27:21, 1] smbd/service.c:close_cnum(1230)
>  lab06 (192.168.110.220) closed connection to service pc06
> [2008/03/27 22:27:42, 0] auth/auth_util.c:create_builtin_administrators(792)
>
>
>  create_builtin_administrators: Failed to create Administrators
> [2008/03/27 22:27:42, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
> [2008/03/27 22:27:42, 1] smbd/service.c:make_connection_snum(1033)
>
>
>  lab06 (192.168.110.220) connect to service tech initially as user
> tech (uid=0, gid=527) (pid 5347)
> [2008/03/27 22:27:42, 0] auth/auth_util.c:create_builtin_administrators(792)
>
>
>  create_builtin_administrators: Failed to create Administrators
> [2008/03/27 22:27:42, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
> [2008/03/27 22:27:42, 1] smbd/service.c:close_cnum(1230)
>
>
>  lab06 (192.168.110.220) closed connection to service tech
> [2008/03/27 22:27:42, 0] auth/auth_util.c:create_builtin_administrators(792)
>  create_builtin_administrators: Failed to create Administrators
>
>
> [2008/03/27 22:27:42, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
> [2008/03/27 22:27:46, 0] auth/auth_util.c:create_builtin_administrators(792)
>  create_builtin_administrators: Failed to create Administrators
>
>
> [2008/03/27 22:27:46, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
> [2008/03/27 22:27:46, 1] smbd/service.c:make_connection_snum(1033)
>  lab06 (192.168.110.220) connect to service tech initially as user
> tech (uid=0, gid=527) (pid 5347)
>
>
> [2008/03/27 22:27:53, 1] smbd/service.c:close_cnum(1230)
>  lab06 (192.168.110.220) closed connection to service tech
> [2008/03/27 22:27:54, 0] auth/auth_util.c:create_builtin_administrators(792)
>
>
>  create_builtin_administrators: Failed to create Administrators
> [2008/03/27 22:27:54, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
> [2008/03/27 22:27:54, 1] smbd/service.c:make_connection_snum(1033)
>
>
>  lab06 (192.168.110.220) connect to service tech initially as user
> tech (uid=0, gid=527) (pid 5347)
> [2008/03/27 22:28:05, 1] smbd/service.c:close_cnum(1230)
>  lab06 (192.168.110.220) closed connection to service tech
>
>
> [2008/03/27 22:28:06, 0] auth/auth_util.c:create_builtin_administrators(792)
>  create_builtin_administrators: Failed to create Administrators
> [2008/03/27 22:28:06, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
>
>
> [2008/03/27 22:28:06, 1] smbd/service.c:make_connection_snum(1033)
>  lab06 (192.168.110.220) connect to service tech initially as user
> tech (uid=0, gid=527) (pid 5347)
>
> [2008/03/27 22:28:14, 1] smbd/service.c:close_cnum(1230)
>
>  lab06 (192.168.110.220) closed connection to service tech
> [2008/03/27 22:28:14, 0] auth/auth_util.c:create_builtin_administrators(792)
>  create_builtin_administrators: Failed to create Administrators
>
>
> [2008/03/27 22:28:14, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
> [2008/03/27 22:28:14, 0] auth/auth_util.c:create_builtin_administrators(792)
>  create_builtin_administrators: Failed to create Administrators
>
>
> [2008/03/27 22:28:14, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
> [2008/03/27 22:28:18, 0] auth/auth_util.c:create_builtin_administrators(792)
>  create_builtin_administrators: Failed to create Administrators
>
>
> [2008/03/27 22:28:18, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
> [2008/03/27 22:28:18, 1] smbd/service.c:make_connection_snum(1033)
>  lab06 (192.168.110.220) connect to service tech initially as user
> tech (uid=0, gid=527) (pid 5347)
>
>
> [2008/03/27 22:28:22, 0] auth/auth_util.c:create_builtin_administrators(792)
>  create_builtin_administrators: Failed to create Administrators
> [2008/03/27 22:28:22, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> log.0.0.0.0:
>
> [2008/03/27 21:49:19, 0] lib/util_sock.c:get_peer_addr(1232)
>  getpeername failed. Error was Transport endpoint is not connected
> [2008/03/27 21:49:19, 0] lib/access.c:check_access(327)
> [2008/03/27 21:49:19, 0] lib/util_sock.c:get_peer_addr(1232)
>
>
>  getpeername failed. Error was Transport endpoint is not connected
>  Denied connection from (0.0.0.0)
> [2008/03/27 21:49:19, 1] smbd/process.c:process_smb(1061)
> [2008/03/27 21:49:19, 0] lib/util_sock.c:get_peer_addr(1232)
>
>
>  getpeername failed. Error was Transport endpoint is not connected
>  Connection denied from 0.0.0.0
> [2008/03/27 21:49:19, 0] lib/util_sock.c:write_data(562)
>  write_data: write failure in writing to client 192.168.110.110. Error
> Connection reset by peer
>
>
> [2008/03/27 21:49:19, 0] lib/util_sock.c:send_smb(769)
>  Error writing 5 bytes to client. -1. (Connection reset by peer)
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> log.smdb:
>
> [2008/03/27 21:33:42, 0] smbd/server.c:main(944)
>  smbd version 3.0.26a started.
>
>
>  Copyright Andrew Tridgell and the Samba Team 1992-2007
> [2008/03/27 21:33:42, 0] auth/auth_util.c:create_builtin_administrators(792)
>  create_builtin_administrators: Failed to create Administrators
> [2008/03/27 21:33:42, 0] auth/auth_util.c:create_builtin_users(758)
>
>
>  create_builtin_users: Failed to create Users
> [2008/03/27 21:33:42, 0] auth/auth_util.c:create_builtin_administrators(792)
>  create_builtin_administrators: Failed to create Administrators
> [2008/03/27 21:33:42, 0] auth/auth_util.c:create_builtin_users(758)
>
>
>  create_builtin_users: Failed to create Users
> [2008/03/27 21:49:19, 0] lib/util_sock.c:get_peer_addr(1232)
>  getpeername failed. Error was Transport endpoint is not connected
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> log.web-BC_SCHOOL:
>
>
> [2008/03/27 20:51:47, 1]
> rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
>
>  cli_pipe_validate_current_pdu: RPC fault code
> DCERPC_FAULT_OP_RNG_ERROR received from remote machine BCS_LINEBACKER
> pipe \lsarpc fnum 0x7302!
>
>
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> log.winbindd-idmap:
>
> [2008/03/27 22:24:02, 1] nsswitch/idmap_tdb.c:idmap_tdb_alloc_init(397)
>
>  idmap uid range missing or invalid
>  idmap will be unable to map foreign SIDs
> [2008/03/27 22:24:02, 0] nsswitch/idmap.c:idmap_alloc_init(735)
>
>  ERROR: Initialization failed for alloc backend, deferred!
> [2008/03/27 22:24:02, 1] nsswitch/idmap_tdb.c:idmap_tdb_alloc_init(397)
>  idmap uid range missing or invalid
>  idmap will be unable to map foreign SIDs
>
>
> [2008/03/27 22:24:02, 0] nsswitch/idmap.c:idmap_alloc_init(735)
>  ERROR: Initialization failed for alloc backend, deferred!
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> log.winbindd:
>
> [2008/03/27 22:21:00, 0] libsmb/clientgen.c:cli_receive_smb(112)
>
>  Receiving SMB: Server stopped responding
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Messages generated during restart of system:
>
>  Got SIGTERM: going down...
> [2008/03/27 21:33:42, 0] nmbd/nmbd.c:main(697)
>  Netbios nameserver version 3.0.26a started.
>  Copyright Andrew Tridgell and the Samba Team 1992-2007
> [2008/03/27 21:33:42, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
>
>
>  add_domain_logon_names:
>  Attempting to become logon server for workgroup BC_SCHOOL on subnet
> 192.168.110.61
> [2008/03/27 21:33:42, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
>
>
>  become_domain_master_browser_bcast:
>  Attempting to become domain master browser on workgroup BC_SCHOOL on
> subnet 192.168.110.61
> [2008/03/27 21:33:42, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
>
>
>  become_domain_master_browser_bcast: querying subnet 192.168.110.61
> for domain master browser on workgroup BC_SCHOOL
> [2008/03/27 21:33:46, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
>
>
>  become_logon_server_success: Samba is now a logon server for
> workgroup BC_SCHOOL on subnet 192.168.110.61
> [2008/03/27 21:33:50, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
>
>
>  *****
>
>  Samba server BCS_LINEBACKER is now a domain master browser for
> workgroup BC_SCHOOL on subnet 192.168.110.61
>
>  *****
> [2008/03/27 21:34:05, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
>
>
>  *****
>
>  Samba name server BCS_LINEBACKER is now a local master browser for
> workgroup BC_SCHOOL on subnet 192.168.110.61
>
>  *****
>

More information about the samba mailing list