[Samba] temporary profiles problem - don't want roaming profiles

Jeff Dickens jeff at seamanpaper.com
Mon Oct 8 14:49:50 MDT 2012


Here I am replying to my own post, but I hope this information will be
useful.  The following events appeared in the log when a Windows 7
workstation tries to log into the "boris" domain account at the main site:

First the login events:

Keywords    Date and Time    Source    Event ID    Task Category
Audit Success    10/8/2012 4:27:42 PM
Microsoft-Windows-Security-Auditing    4648    Logon    "A logon was
attempted using explicit credentials.

Subject:
    Security ID:        SYSTEM
    Account Name:        WCOMPRM3$
    Account Domain:        SEAMANPAPER
    Logon ID:        0x3e7
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
    Account Name:        boris
    Account Domain:        SEAMANPAPER
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Target Server:
    Target Server Name:    localhost
    Additional Information:    localhost

Process Information:
    Process ID:        0x28a0
    Process Name:        C:\Windows\System32\winlogon.exe

Network Information:
    Network Address:    127.0.0.1
    Port:            0

This event is generated when a process attempts to log on an account by
explicitly specifying that account’s credentials.  This most commonly
occurs in batch-type configurations such as scheduled tasks, or when using
the RUNAS command."
Audit Success    10/8/2012 4:27:42 PM
Microsoft-Windows-Security-Auditing    4624    Logon    "An account was
successfully logged on.

Subject:
    Security ID:        SYSTEM
    Account Name:        WCOMPRM3$
    Account Domain:        SEAMANPAPER
    Logon ID:        0x3e7

Logon Type:            2

New Logon:
    Security ID:        SEAMANPAPER\Domain Users
    Account Name:        boris
    Account Domain:        SEAMANPAPER
    Logon ID:        0x121d2a1f
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Process Information:
    Process ID:        0x28a0
    Process Name:        C:\Windows\System32\winlogon.exe

Network Information:
    Workstation Name:    WCOMPRM3
    Source Network Address:    127.0.0.1
    Source Port:        0

Detailed Authentication Information:
    Logon Process:        User32
    Authentication Package:    Negotiate
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length:        0

This event is generated when a logon session is created. It is generated on
the computer that was accessed.

The subject fields indicate the account on the local system which requested
the logon. This is most commonly a service such as the Server service, or a
local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most
common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was
created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated.
Workstation name is not always available and may be left blank in some
cases.

The authentication information fields provide detailed information about
this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this
event with a KDC event.
    - Transited services indicate which intermediate services have
participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM
protocols.
    - Key length indicates the length of the generated session key. This
will be 0 if no session key was requested."


Then some profile events:

Does this tell you anything about what my problem might be?  I don't see
where it says the name of the location where it's trying to find the
non-existent roaming profile.

Level    Date and Time    Source    Event ID    Task Category
Warning    10/8/2012 4:27:22 PM    Microsoft-Windows-User Profiles
Service    1530    None    "Windows detected your registry file is still in
use by other applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function
properly afterwards.

 DETAIL -
 15 user registry handles leaked from
\Registry\User\S-1-5-21-3331739098-3736223119-3628203672-500:
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\Disallowed
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Policies\Microsoft\SystemCertificates
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Policies\Microsoft\SystemCertificates
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Policies\Microsoft\SystemCertificates
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Policies\Microsoft\SystemCertificates
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\My
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\CA
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\trust
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1396 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft
Shared\Windows Live\WLIDSVC.EXE) has opened key
\REGISTRY\USER\S-1-5-21-3331739098-3736223119-3628203672-500\Software\Microsoft\SystemCertificates\Root
"
Error    10/8/2012 4:27:43 PM    Microsoft-Windows-User Profiles Service
1511    None    Windows cannot find the local profile and is logging you on
with a temporary profile. Changes you make to this profile will be lost
when you log off.
Error    10/8/2012 4:27:43 PM    Microsoft-Windows-User Profiles Service
1521    None    "Windows cannot locate the server copy of your roaming
profile and is attempting to log you on with your local profile. Changes to
the profile will not be copied to the server when you log off. This error
may be caused by network problems or insufficient security rights.

 DETAIL - The network name cannot be found.
"
Warning    10/8/2012 4:28:17 PM    Microsoft-Windows-User Profiles
Service    1530    None    "Windows detected your registry file is still in
use by other applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function
properly afterwards.

 DETAIL -
 1 user registry handles leaked from
\Registry\User\S-1-5-21-947950628-2177205791-3689072656-513:
Process 10400 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has
opened key \REGISTRY\USER\S-1-5-21-947950628-2177205791-3689072656-513
"


On Fri, Oct 5, 2012 at 5:42 PM, Jeff Dickens <jeff at seamanpaper.com> wrote:

> I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two
> remote sites, I have some Samba BDCs.
>
> For now I've manually entered the DCs as WINS servers on the workstations
> I'm using for testing.  At the remote sites, I can log in with an account
> that has no logon path or logon home specified, and it works perfectly.
> But at the main site, when I try to log on to one of these accounts I
> first get the "can't find the server copy of the roaming profile" and then
> "can't find the local profile logging you in with a temporary profile"
> errors.  I can't figure this one out.  I'm using the same account, and the
> samba setups are nearly identical - just one is a BDC and one a PDC.
>
> This is smb.conf on the PDC:
>
> [global]
>         workgroup = SEAMANPAPER
>         server string = %h server (Samba, Ubuntu)
>         map to guest = Bad User
>         obey pam restrictions = Yes
>         passdb backend = ldapsam:ldap://localhost
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         smb ports = 137 138 139 445
>         name resolve order = wins bcast hosts
>         load printers = No
>         printcap name = /dev/null
>         disable spoolss = Yes
>         rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
>         delete user script = /usr/sbin/smbldap-userdel '%u'
>         add group script = /usr/sbin/smbldap-groupadd -p '%g'
>         delete group script = /usr/sbin/smbldap-groupdel '%g'
>         add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
>         delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
> '%g'
>         set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>         add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
>         logon path =
>         logon home =
>         domain logons = Yes
>         os level = 65
>         domain master = Yes
>         dns proxy = No
>         wins support = Yes
>         ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=Idmap
>         ldap machine suffix = ou=Computers
>         ldap passwd sync = yes
>         ldap suffix = dc=intranet,dc=seamanpaper,dc=com
>         ldap ssl = no
>         ldap user suffix = ou=People
>         panic action = /usr/share/samba/panic-action %d
>         idmap config * : range = 1000000-1999999
>         idmap config * : backend = ldap
>         printing = bsd
>         print command = lpr -r -P'%p' %s
>         lpq command = lpq -P'%p'
>         lprm command = lprm -P'%p' %j
>
> [profiles]
>         comment = Windows Profiles
>         path = /home/samba/profiles
>         read only = No
>         create mask = 0600
>         directory mask = 0700
>         store dos attributes = Yes
>         browseable = No
>         csc policy = disable
>
> [netlogon]
>         comment = Network Logon Service
>         path = /home/samba/netlogon
>         guest ok = Yes
>
> [homes]
>         comment = Home Directories
>         valid users = %S
>         read only = No
>         browseable = No
>
> and on the BDC:
>
>
> [global]
>         workgroup = SEAMANPAPER
>         server string = %h server (Samba, Ubuntu)
>         map to guest = Bad User
>         obey pam restrictions = Yes
>         passdb backend = ldapsam:ldap://localhost
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         smb ports = 137 138 139 445
>         name resolve order = wins bcast hosts
>         load printers = No
>         printcap name = /dev/null
>         disable spoolss = Yes
>         rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
>         delete user script = /usr/sbin/smbldap-userdel '%u'
>         add group script = /usr/sbin/smbldap-groupadd -p '%g'
>         delete group script = /usr/sbin/smbldap-groupdel '%g'
>         add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
>         delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
> '%g'
>         set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>         add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
>         logon path =
>         logon home =
>         domain logons = Yes
>         os level = 65
>         domain master = No
>         dns proxy = No
>         wins proxy = Yes
>         wins server = 192.168.10.127
>         ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=Idmap
>         ldap machine suffix = ou=Computers
>         ldap passwd sync = yes
>         ldap suffix = dc=intranet,dc=seamanpaper,dc=com
>         ldap ssl = no
>         ldap user suffix = ou=People
>         panic action = /usr/share/samba/panic-action %d
>         idmap config * : range = 1000000-1999999
>         idmap config * : backend = ldap
>         printing = bsd
>         print command = lpr -r -P'%p' %s
>         lpq command = lpq -P'%p'
>         lprm command = lprm -P'%p' %j
>
> [profiles]
>         comment = Windows Profiles
>         path = /home/samba/profiles
>         read only = No
>         create mask = 0600
>         directory mask = 0700
>         store dos attributes = Yes
>         browseable = No
>         csc policy = disable
>
> [netlogon]
>         comment = Network Logon Service
>         path = /home/samba/netlogon
>         guest ok = Yes
>
> [homes]
>         comment = Home Directories
>         valid users = %S
>         read only = No
>         browseable = No
>
>
> Also notice that my account (which has a roaming profile and works fine at
> all sites) has a "sambaProfilePath" attribute and the boris and rpoole
> accounts don't.  This should make them no-roaming-profile accounts but it
> doesn't work consistently.  It works at the two satellite sites but not at
> my main site.
>
> root at grackle:~# ldapsearch -W -D
> cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://
> grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com
> "(uid=*jeff*)" | grep Path
> Enter LDAP Password:
> sambaHomePath: \\wilkins1\home
> sambaProfilePath: \\wilkins1\home\.winProfile
> root at grackle:~#
>
> root at grackle:~# ldapsearch -W -D
> cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://
> grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com
> "(uid=*boris*)" | grep Path
> Enter LDAP Password:
> sambaHomePath: \\wilkins1\home
>
> root at grackle:~# ldapsearch -W -D
> cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://
> grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com
> "(uid=*rpoole*)" | grep Path
> Enter LDAP Password:
> sambaHomePath: \\wilkins1\home
>
>
>
> --
> Jeff Dickens
> IT Manager      978-632-1513


--
Jeff Dickens
IT Manager      978-632-1513
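As an added triage example (not part of the post, and not Samba's own code), the script below parses a flattened Event Viewer export like the one quoted above and pairs each interactive (Logon Type 2) 4624 logon with the User Profile Service events (1511, 1521, 1530) that follow it within a short window, so the affected account and the DETAIL text ("The network name cannot be found") are reported together rather than read off separate entries. The sample lines are constructed from the events in the post; the tab-separated single-line layout is an assumption about how the export was flattened.

```python
import re
from datetime import datetime, timedelta

# Constructed sample mirroring the post's events, in the tab-separated layout of a Windows 7
# Event Viewer export (Level, Date, Source, Event ID, Category, Message), one event per line.
SAMPLE_LOG = (
    "Audit Success\t10/8/2012 4:27:42 PM\tMicrosoft-Windows-Security-Auditing\t4624\tLogon\t"
    "An account was successfully logged on. Subject: Account Name: WCOMPRM3$ Logon Type: 2 "
    "New Logon: Account Name: boris Account Domain: SEAMANPAPER\n"
    "Error\t10/8/2012 4:27:43 PM\tMicrosoft-Windows-User Profiles Service\t1521\tNone\t"
    "Windows cannot locate the server copy of your roaming profile and is attempting to log "
    "you on with your local profile. DETAIL - The network name cannot be found.\n"
    "Error\t10/8/2012 4:27:43 PM\tMicrosoft-Windows-User Profiles Service\t1511\tNone\t"
    "Windows cannot find the local profile and is logging you on with a temporary profile.\n"
)
PROFILE_EVENTS = {
    1511: "fell back to a temporary profile (local profile not found)",
    1521: "client expected a roaming profile but could not reach the server copy",
    1530: "user registry hive still held open at logoff",
}

def parse_events(text):
    """Split the export into event dicts, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split("\t", 5)
        if len(parts) != 6 or not parts[3].isdigit():
            continue
        _level, when, source, event_id, _category, message = parts
        events.append({"source": source, "event_id": int(event_id), "message": message,
                       "time": datetime.strptime(when, "%m/%d/%Y %I:%M:%S %p")})
    return events

def triage(events, window_seconds=30):
    """Pair each interactive (Logon Type 2) 4624 with the profile events that follow it."""
    findings = []
    for ev in events:
        if ev["event_id"] != 4624 or not re.search(r"Logon Type:\s*2\b", ev["message"]):
            continue
        # The last "Account Name" in a 4624 message belongs to the New Logon section.
        account = re.findall(r"Account Name:\s*(\S+)", ev["message"])[-1]
        deadline = ev["time"] + timedelta(seconds=window_seconds)
        related = [e for e in events
                   if e["event_id"] in PROFILE_EVENTS and ev["time"] <= e["time"] <= deadline]
        findings.append({"account": account, "logon_time": ev["time"],
                         "profile_events": [e["event_id"] for e in related],
                         "reasons": [PROFILE_EVENTS[e["event_id"]] for e in related],
                         "detail": [m.group(1) for e in related
                                    for m in [re.search(r"DETAIL - (.+)", e["message"])] if m]})
    return findings
```

A 1521 followed by 1511 for the same account means the workstation was handed a roaming profile path it could not reach, which is the thing to check against the account's sambaProfilePath and the server's logon path.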

