[Samba] Roaming Profiles under Linux clients

Fri Oct 5 01:44:20 MDT 2012

Hi Mario,

> As I configured the Roaming profiles under linux, it more or less generate
> an abnormal operation (in less than 2 mins) if I add/copy some files to the
> home directory. But for Windows XP and Windows 7 is running smoothly and it
> generates folders at the Samba4 server location with corresponding users.
> e.g. Administrator (for XP), and Administrator.V2 (for Win7/2008) based on
> my observations.

I'm interested in the way you configured the roaming profile on the 
linux side. Did you use csync for the synchronisation? I've looked at it 
in the past and didn't found any straight away solution. Anyway, I guess 
there should be some kind of Administrator.linux profile directory on 
the server side since the ubuntu profile won't be compatible from 
windows to linux (those profiles are not even compatible between winxp 
and win7...)

Cheers,

Denis

>
> I was confused on roaming under linux (or maybe it was not yet supported),
> because once I login as the administrator (one account in Samba4 - AD user)
> in linux, adding (files to the desktop) or modifying (I used to move to the
> home directory). Then login to the Windows 7 and WinXP, it will NOT login
> when I see the logs of the server using -d3
>
> Kerberos: Client sent patypes: encrypted-timestamp, 128
> Kerberos: Looking for PKINIT pa-data -- administrator at UCHIHA
> Kerberos: Looking for ENC-TS pa-data -- administrator at UCHIHA
> Kerberos: Failed to decrypt PA-DATA -- administrator at UCHIHA (enctype
> arcfour-hmac-md5) error Decrypt integrity check failed
> Kerberos: Failed to decrypt PA-DATA -- administrator at UCHIHA
> Kerberos: AS-REQ administrator at UCHIHA from ipv4:192.168.150.135:3064
> for krbtgt/UCHIHA at UCHIHA
>
>
> But for a few minutes, you can login again and this time it will display at
> the system tray (a dialog box) "User Profile Service There was a problem
> with your roaming profile. You have been logged on with your previously
> saved local profile. Please see the event logs for details or contact your
> administrator", but those files are just only few bytes (less than 1MB)
> just the pam.d files. The saved files are not located either of Windows XP
> or 7.
>
> auth_check_password_send: Checking password for unmapped user
> [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> auth_check_password_send: mapped user is:
> [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> ntlm_password_check: NTLMv2 password check failed
> ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator
> ntlm_password_check: LM password, NT MD4 password in LM field and LMv2
> failed for user administrator
> auth_check_password_recv: sam_ignoredomain authentication for user
> [UCHIHA\administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
> schannel_fetch_session_key_tdb: restored schannel info key
> SECRETS/SCHANNEL/AMBOT-LINUX
> auth_check_password_send: Checking password for unmapped user
> [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> auth_check_password_send: mapped user is:
> [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
> Got a dns update request.
> Update not allowed for unsigned packet.
> Tkey handshake completed
> Terminating connection - 'dns_tcp_call_loop:
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[dns_tcp_call_loop:
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>
> But after a 20mins, coz I went somewhere. It goes to normal again. I
> conclude that Linux (Ubuntu 12.04) roaming profiles is not yet implemented
> in Samba4 RC2 - Centos 6.3. Other observation, Windows7 machine is not
> detected in the network, but WinXp and Ubuntu machines are visible.
>
> Any ideas how to implement roaming profile under Linux as the clients?
>
>
> Cheers,
> Mario
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.57
http://www.tranquil-it-systems.fr