[Samba] temporary profiles problem - don't want roaming profiles

Jeff Dickens jeff at seamanpaper.com
Wed Oct 17 12:40:27 MDT 2012 

Apparently my problem is a bad combination of mystifying and uninteresting
:-) since I've not had a reply.

Can anyone maybe suggest how to debug this? How can I find out what name
it's looking for when it gets "The network name cannot be found" ?

Is it true that I should be able to have a Samba-3 Domain without roaming
profiles by just specifying


logon path =
logon home =


in smb.conf and not providing any *sambaProfilePath* attribute in LDAP ?




On Fri, Oct 5, 2012 at 5:42 PM, Jeff Dickens <jeff at seamanpaper.com> wrote:

> I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two
> remote sites, I have some Samba BDCs.
>
> For now I've manually entered the DCs as WINS servers on the workstations
> I'm using for testing.   At the remote sites, I can log in with an account
> that has no logon path or logon home specified, and it works perfectly.
>  But at the main site, when I try to log on to one of these accounts I get
> first get the "can't find the server copy of the roaming profile" and then
> "can't find the local profile logging you in with a temporary profile"
> errors.  I can't figure this one out.  I'm using the same account, and the
> samba setups are nearly identical - just one is a BDC and one a PDC.
>
> This is smb.conf on the PDC:
>
> [global]
>         workgroup = SEAMANPAPER
>         server string = %h server (Samba, Ubuntu)
>         map to guest = Bad User
>         obey pam restrictions = Yes
>         passdb backend = ldapsam:ldap://localhost
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         smb ports = 137 138 139 445
>         name resolve order = wins bcast hosts
>         load printers = No
>         printcap name = /dev/null
>         disable spoolss = Yes
>         rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
>         delete user script = /usr/sbin/smbldap-userdel '%u'
>         add group script = /usr/sbin/smbldap-groupadd -p '%g'
>         delete group script = /usr/sbin/smbldap-groupdel '%g'
>         add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
>         delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
> '%g'
>         set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>         add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
>         logon path =
>         logon home =
>         domain logons = Yes
>         os level = 65
>         domain master = Yes
>         dns proxy = No
>         wins support = Yes
>         ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=Idmap
>         ldap machine suffix = ou=Computers
>         ldap passwd sync = yes
>         ldap suffix = dc=intranet,dc=seamanpaper,dc=com
>         ldap ssl = no
>         ldap user suffix = ou=People
>         panic action = /usr/share/samba/panic-action %d
>         idmap config * : range = 1000000-1999999
>         idmap config * : backend = ldap
>         printing = bsd
>         print command = lpr -r -P'%p' %s
>         lpq command = lpq -P'%p'
>         lprm command = lprm -P'%p' %j
>
> [profiles]
>         comment = Windows Profiles
>         path = /home/samba/profiles
>         read only = No
>         create mask = 0600
>         directory mask = 0700
>         store dos attributes = Yes
>         browseable = No
>         csc policy = disable
>
> [netlogon]
>         comment = Network Logon Service
>         path = /home/samba/netlogon
>         guest ok = Yes
>
> [homes]
>         comment = Home Directories
>         valid users = %S
>         read only = No
>         browseable = No
>
> and on the BDC:
>
>
> [global]
>         workgroup = SEAMANPAPER
>         server string = %h server (Samba, Ubuntu)
>         map to guest = Bad User
>         obey pam restrictions = Yes
>         passdb backend = ldapsam:ldap://localhost
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         smb ports = 137 138 139 445
>         name resolve order = wins bcast hosts
>         load printers = No
>         printcap name = /dev/null
>         disable spoolss = Yes
>         rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
>         delete user script = /usr/sbin/smbldap-userdel '%u'
>         add group script = /usr/sbin/smbldap-groupadd -p '%g'
>         delete group script = /usr/sbin/smbldap-groupdel '%g'
>         add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
>         delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
> '%g'
>         set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>         add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
>         logon path =
>         logon home =
>         domain logons = Yes
>         os level = 65
>         domain master = No
>         dns proxy = No
>         wins proxy = Yes
>         wins server = 192.168.10.127
>         ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=Idmap
>         ldap machine suffix = ou=Computers
>         ldap passwd sync = yes
>         ldap suffix = dc=intranet,dc=seamanpaper,dc=com
>         ldap ssl = no
>         ldap user suffix = ou=People
>         panic action = /usr/share/samba/panic-action %d
>         idmap config * : range = 1000000-1999999
>         idmap config * : backend = ldap
>         printing = bsd
>         print command = lpr -r -P'%p' %s
>         lpq command = lpq -P'%p'
>         lprm command = lprm -P'%p' %j
>
> [profiles]
>         comment = Windows Profiles
>         path = /home/samba/profiles
>         read only = No
>         create mask = 0600
>         directory mask = 0700
>         store dos attributes = Yes
>         browseable = No
>         csc policy = disable
>
> [netlogon]
>         comment = Network Logon Service
>         path = /home/samba/netlogon
>         guest ok = Yes
>
> [homes]
>         comment = Home Directories
>         valid users = %S
>         read only = No
>         browseable = No
>
>
> Also notice that my account (which has a roaming profile and works fine at
> all sites) has a "sambaProfilePath" attribute and the boris and rpoole
> accounts don't.  This should make them no-roaming-profile accounts but it
> doesn't work consistently.  It works at the two satellite sites but not at
> my main site.
>
> root at grackle:~# ldapsearch -W -D
> cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://
> grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com
> "(uid=*jeff*)" | grep Path
> Enter LDAP Password:
> sambaHomePath: \\wilkins1\home
> *sambaProfilePath: \\wilkins1\home\.winProfile*
> root at grackle:~#
>
> root at grackle:~# ldapsearch -W -D
> cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://
> grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com
> "(uid=*boris*)" | grep Path
> Enter LDAP Password:
> sambaHomePath: \\wilkins1\home
>
> root at grackle:~# ldapsearch -W -D
> cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://
> grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com
> "(uid=*rpoole*)" | grep Path
> Enter LDAP Password:
> sambaHomePath: \\wilkins1\home
>
>
>
> --
> *     Jeff Dickens*
>      IT Manager      978-632-1513
>
>
>


-- 
*     Jeff Dickens*
     IT Manager      978-632-1513

More information about the samba mailing list